On Apr 21, 2006, at 9:33 AM, Mark Nottingham wrote:
[ from the big comment e-mail; raising as a separate issue, as
requested ]
The current draft says that:
"If the method is POST or PUT, then the data passed to the send()
method must be used for the entity body."
This doesn't account for other request methods that may have a
request body, e.g., PROPPATCH. Suggested text:
"Any data passed to the send() method MUST be used in the entity
body. If data is passed to send() when it is known to be incorrect
(e.g., in GET, HEAD, and DELETE requests), implementations MUST
raise an error."
Current implementations silently ignore the body in this case. It
seems like a bad idea to change this to raising an exception, since
it could break existing content that blindly sets a body. But it
seems ok to change the requirement to require ignoring the body for a
specific list of methods, instead of allowing it only for a specific
list of methods, so long as this would not allow security holes or
violations of the http spec.
Regards,
Maciej
