Whatever you end up doing here, it might be good to have it in
writing. I was once trying to implement a write-only feature (use
cases like submitting homework or expense reports or survey responses
to a survey folder), but it turned out that Microsoft clients threw
up nasty errors if they did a PUT and could not do a HEAD immediately
afterward and see the details of the resource.
Not sure that the client implementors would have behaved any
differently had there been a spec saying "It is not guaranteed that
you can do a GET or a HEAD after a PUT", but at least there'd have
been a nerf bat to beat them with.
Lisa
On May 14, 2006, at 2:40 PM, Tim Bray wrote:
On May 14, 2006, at 12:31 PM, Walter Underwood wrote:
I'm thinking about the design for a comment system for my blog,
and I'd like to
implement it as an APP server. Only thing is, people who are
commenting don't
get to see or review the existing "entries" in the incoming-
comments feed. So
they can POST but there's nothing they can GET. Does this break
any rules? -Tim
Are the individual entries read/write and only the feed is read-
protected?
Actually, it's like this; I do in fact plan to return the content-
location of the posting in the pre-moderation area, and allow PUT
and DELETE on it until it's been rejected or approved; the URI will
be random enough that I'm prepared to live with security-by-
obscurity. So the entries are in fact read/write, but there is no
collection you can GET to find out what entries there are. I'm
pretty sure this is perfectly legal but wanted to canvass opinions.
-Tim
