[
https://issues.apache.org/jira/browse/SLING-3203?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13878420#comment-13878420
]
Felix Meschberger commented on SLING-3203:
------------------------------------------
I agree with the 400 part not being appropriate. I am not really sure about 404
being the right code, though. Rather I think it would be 403/FORBIDDEN (we
don't allow this operation on this resource [URL]) or maybe even 409/CONFLICT
(because we generally allow this method on this URL but in this context)
WDYT ?
Going a step further: I wonder, whether we should not forbid selectors and
extensions completely on the SlingPostServlet ?
> Post servlet's delete operation deletes parent of nonexisting node
> ------------------------------------------------------------------
>
> Key: SLING-3203
> URL: https://issues.apache.org/jira/browse/SLING-3203
> Project: Sling
> Issue Type: Bug
> Components: Servlets
> Affects Versions: Servlets Post 2.3.2
> Reporter: Bertrand Delacretaz
> Attachments: SLING-3203.patch
>
>
> In the below scenario, /tmp/test is gone after the delete operation - the
> resource resolver goes up the path of the nonexisting node, and it's
> /tmp/test that's provided to the DeleteOperation.
> I think we should change this (maybe with a backwards compatibility switch),
> as it's clear that the user's intention in this case is not to delete
> /tmp/test. Maybe just reject :delete operations if the request has any
> selector or extensions.
> curl -u admin:admin -X POST http://localhost:8080/tmp/test/some.node
> curl -u admin:admin http://localhost:8080/tmp/test.tidy.2.json # looks good
> curl -u admin:admin -F:operation=delete
> http://localhost:8080/tmp/test.other/nothing
> curl -u admin:admin http://localhost:8080/tmp/test.tidy.2.json # 404
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
