Re: [PATCH] ETags and Last-Modified, take 3

["Roy T. Fielding" <fi...@kiwi.ics.uci.edu>]

Ummm, I may have forgotten to mention this, but conditional requests
for anything other than GET or HEAD must be checked prior to invoking
the method on the resource.  There is no way for the server core to
make that decision for any resource that is not handled by the server
core, which is the main reason why they are passed unmolested to the
actual handler and not enforced on the response from the handler.

In other words, script output must not be subject to meets_conditions
unless method == M_GET and status == 200.  Otherwise, the server should
just let the CGI handle it (or not).  The server should never kill a CGI,
not even for a HEAD -- just let it run (my preference) or send it SIGPIPE.
I don't care how long the script may run -- if it is important, then they
can bloody well fix the script.

Also, an Etag must include a control stamp which is guaranteed to change
when any part of the content of the response would change.  That is
definitely not the case for the suggested change to mod_include.c, so
you'll have to remove that.

Reorganizing the calls so that they are separate is still a good idea,
since this will make it easier for non-core handlers to check conditions
before performing an unsafe method.

....Roy

Re: [PATCH] ETags and Last-Modified, take 3

[Dean Gaudet <dg...@arctic.org>]

On Tue, 2 Sep 1997, Roy T. Fielding wrote:

> In other words, script output must not be subject to meets_conditions
> unless method == M_GET and status == 200.  Otherwise, the server should
> just let the CGI handle it (or not).  The server should never kill a CGI,
> not even for a HEAD -- just let it run (my preference) or send it SIGPIPE.
> I don't care how long the script may run -- if it is important, then they
> can bloody well fix the script.

I'll repeat again ... the server does kill CGIs.  They are killed as soon
as the pool is cleared, whether that be because it was a HEAD and the
headers have been read and sent to the client, or because it's anything
else and a timeout occurs.  It is not trivial to "fix" this.  I don't even
think it needs "fixing".  I don't understand people's reluctance to kill
CGIs.  They are sent SIGTERM as soon as their pool is cleared, and SIGKILL
if they haven't died within three seconds.  It's always been this way. 

The script's stdout is bclose()d as soon as the headers have been read if
it's a HEAD request.  This causes a SIGPIPE and EOFs which are no doubt
ignored by 99.9999% of the scripts out there.  I don't know if Ken's patch
does this already, but it could easily. 

> Also, an Etag must include a control stamp which is guaranteed to change
> when any part of the content of the response would change.  That is
> definitely not the case for the suggested change to mod_include.c, so
> you'll have to remove that.

I think I missed this ... what change to mod_include? 

Dean