Sylvain Hellegouarch wrote:
Tim Bray wrote:
On Nov 22, 2006, at 3:11 AM, Sylvain Hellegouarch wrote:
Say I POST an atom:entry to a collection URI, this entry does not have
an atom:author
If I were implementing the server, in this scenario I'd reject the post
with an error message. It's hard for me to see a scenario where the
author info isn't already known and not providing it is still OK. (In
fact, it's hard for me to imagine a scenario in which the author info
isn't already known, period.) -Tim
Scenario: I have an opaque token (an encrypted cookie set on a browser,
say) which carries the currently authenticated user's name. I'm
JavaScript code that's running without the ability to decrypt the
cookie, but I'm able to POST an entry to the server and have it do the
correct thing. Even if I specified something in the Author field, the
server is just going to override it with the more authoritative
encrypted cookie value.
We have actually run into this type of problem (in other situations) and
had to modify the server to set the user name in a plain text cookie
purely so JavaScript could see it and use it. This may not be possible
in all situations.
I think the spirit of RFC 4287 is that readers of feeds should be able
to rely on a standard way to find author information. I don't think
that speaks to this case. I do think it'd be perfectly reasonable to
say that a server which gets an empty author, and which cannot infer
enough to create a valid Atom entry, should reject the entry.
-John
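
The server behaviour discussed in this thread, as an added example that is not code from any of the posters: the collection ignores any client-supplied atom:author, stamps the entry with the identity from a verified opaque cookie, and rejects the POST when it has no authoritative identity. Assumptions: an HMAC-signed token stands in for the encrypted cookie, and the function names, the key and the 401/400/201 status codes are illustrative.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

ATOM = "http://www.w3.org/2005/Atom"
ET.register_namespace("", ATOM)
SECRET = b"constructed-demo-key"  # constructed; load from a secret store in practice

def _tag(body: str) -> str:
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()

def make_cookie(user: str) -> str:
    """Issue an opaque token (assumption: HMAC-signed, standing in for the encrypted cookie)."""
    body = base64.urlsafe_b64encode(user.encode()).decode()
    return f"{body}.{_tag(body)}"

def user_from_cookie(cookie):
    """Return the authenticated user name, or None if the token is absent or forged."""
    if not cookie or "." not in cookie:
        return None
    body, tag = cookie.rsplit(".", 1)
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return None
    return base64.urlsafe_b64decode(body).decode()

def accept_entry(entry_xml: str, cookie):
    """Return (status, stored_xml); a client-supplied atom:author is never trusted."""
    user = user_from_cookie(cookie)
    if user is None:
        return 401, None  # nothing authoritative to infer the author from: reject
    try:
        # Untrusted XML: production code should also bound size and entity expansion.
        entry = ET.fromstring(entry_xml)
    except ET.ParseError:
        return 400, None
    if entry.tag != f"{{{ATOM}}}entry":
        return 400, None
    for claimed in entry.findall(f"{{{ATOM}}}author"):
        entry.remove(claimed)  # drop whatever the client asserted
    author = ET.SubElement(entry, f"{{{ATOM}}}author")
    ET.SubElement(author, f"{{{ATOM}}}name").text = user
    return 201, ET.tostring(entry, encoding="unicode")

# Constructed sample: the client claims to be "admin" but is authenticated as "sylvain".
SPOOFED = (f'<entry xmlns="{ATOM}"><title>hello</title>'
           "<author><name>admin</name></author></entry>")

if __name__ == "__main__":
    print(accept_entry(SPOOFED, make_cookie("sylvain")))
    print(accept_entry(SPOOFED, "forged.token"))
```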