From c5825937ca4fabf7f2d4816a217bfaa63d1ee5bf Mon Sep 17 00:00:00 2001 From: Kjetil Kjernsmo Date: Sat, 13 Nov 2021 00:08:25 +0100 Subject: [PATCH 1/5] Introduce constraint on PATCH to only patch target resource --- protocol.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/protocol.html b/protocol.html index 19b61453..a7906206 100644 --- a/protocol.html +++ b/protocol.html @@ -708,6 +708,8 @@

Writing Resources

Servers MUST NOT allow HTTP POST, PUT and PATCH to update a container’s containment triples; if the server receives such a request, it MUST respond with a 409 status code. [Source]

+

Servers MUST NOT allow a request with a PATCH method to change other resources than the target resource. [Source]

+

Note: Conditional Update
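Review bot: The added MUST NOT sentence names no response for a violating request, while the containment-triples requirement directly above it specifies a 409. State which status code the server returns when a PATCH would change a resource other than the target, so clients and test suites can tell this rejection from other failures. It is also worth saying whether changes the server itself makes to other resources as a consequence of patching the target count as "change" here, since as written the sentence forbids those too.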

From 5746d45fc5cf89a75e188c782a71fe0538a9c302 Mon Sep 17 00:00:00 2001 From: Kjetil Kjernsmo Date: Sat, 13 Nov 2021 00:15:49 +0100 Subject: [PATCH 2/5] Add that 422 should be returned --- protocol.html | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/protocol.html b/protocol.html index a7906206..3f179d31 100644 --- a/protocol.html +++ b/protocol.html @@ -708,7 +708,10 @@

Writing Resources

Servers MUST NOT allow HTTP POST, PUT and PATCH to update a container’s containment triples; if the server receives such a request, it MUST respond with a 409 status code. [Source]

-

Servers MUST NOT allow a request with a PATCH method to change other resources than the target resource. [Source]

+

+ Servers MUST NOT allow a request with a PATCH method to change other resources than the target resource. [Source] + Servers SHOULD respond with a 422 status code [RFC4918] and a message body that explains the error if it determines that such an instruction is attempted. +

Note: Conditional Update
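Review bot: The new second sentence makes the error response a SHOULD, while the 409 rule directly above uses "it MUST respond", so a server can satisfy the MUST NOT and still answer a rejected request with any status; use MUST here, or say why the response is left optional. "such an instruction" has no antecedent, because the preceding sentence speaks of "a request" and never of an instruction. Since the body is meant to explain the error, it would also help to say that the explanation describes the rejected request only and not the state of the other resources the patch named.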

@@ -1072,6 +1075,8 @@

Normative References

Registration Procedures for Message Header Fields. G. Klyne; M. Nottingham; J. Mogul. IETF. September 2004. Best Current Practice. URL: https://datatracker.ietf.org/doc/html/rfc3864
[RFC3986]
Uniform Resource Identifier (URI): Generic Syntax. T. Berners-Lee; R. Fielding; L. Masinter. IETF. January 2005. Internet Standard. URL: https://datatracker.ietf.org/doc/html/rfc3986
+
[RFC4918]
+
HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV). L. Dusseault, Ed.. IETF. June 2007. Proposed Standard. URL: https://datatracker.ietf.org/doc/html/rfc4918
[RFC5023]
The Atom Publishing Protocol. J. Gregorio, Ed.; B. de hOra, Ed.. IETF. October 2007. Proposed Standard. URL: https://datatracker.ietf.org/doc/html/rfc5023
[RFC5789]
From b22c3d1b2372640620d0bdc5182432261fdc4bdb Mon Sep 17 00:00:00 2001 From: Kjetil Kjernsmo Date: Sun, 14 Nov 2021 22:25:11 +0100 Subject: [PATCH 3/5] Update protocol.html Co-authored-by: Ted Thibodeau Jr --- protocol.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/protocol.html b/protocol.html index 3f179d31..ec961633 100644 --- a/protocol.html +++ b/protocol.html @@ -709,7 +709,7 @@

Writing Resources

Servers MUST NOT allow HTTP POST, PUT and PATCH to update a container’s containment triples; if the server receives such a request, it MUST respond with a 409 status code. [Source]

- Servers MUST NOT allow a request with a PATCH method to change other resources than the target resource. [Source] + Servers MUST NOT allow a request with a PATCH method to change resources other than the target resource. [Source] Servers SHOULD respond with a 422 status code [RFC4918] and a message body that explains the error if it determines that such an instruction is attempted.
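Review bot: Only the word order in the first sentence is corrected here; the second sentence on the same line still reads "Servers SHOULD respond ... if it determines", with a plural subject and a singular pronoun. As this commit is a wording pass over that line, change it to "if they determine" (or make the subject "The server") in the same change.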

From d5f897530efd29b37b386c68ae10080e094eeeab Mon Sep 17 00:00:00 2001 From: Kjetil Kjernsmo Date: Tue, 23 Nov 2021 16:02:12 +0100 Subject: [PATCH 4/5] Incorporate @RubenVerborgh's feedback --- protocol.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/protocol.html b/protocol.html index 3f179d31..add95634 100644 --- a/protocol.html +++ b/protocol.html @@ -709,7 +709,7 @@

Writing Resources

Servers MUST NOT allow HTTP POST, PUT and PATCH to update a container’s containment triples; if the server receives such a request, it MUST respond with a 409 status code. [Source]

- Servers MUST NOT allow a request with a PATCH method to change other resources than the target resource. [Source] + Servers MUST NOT allow a client to explicitly request multi-resource changes via the PATCH method, but the server is permitted to propagate side-effects of a change to the target resource to other resources. [Source] Servers SHOULD respond with a 422 status code [RFC4918] and a message body that explains the error if it determines that such an instruction is attempted.
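Review bot: In the replacement sentence the allowance "the server is permitted to propagate side-effects" is not phrased with a requirement keyword, unlike the MUST NOT and SHOULD around it; write it as MAY so it is clear whether the permission is normative. "explicitly request multi-resource changes" also needs a definition a server can test against, because the 422 sentence that follows depends on the server determining that "such an instruction is attempted". The removed line still carries the "other resources than" wording and the index line starts from 3f179d31, the result of patch 2/5, rather than ec961633 from patch 3/5, so this does not apply on top of 3/5 as posted and the "resources other than" fix should be checked after a rebase.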

From 6339dd2f88e8d3eb20b14f57173c2c59de5d1e71 Mon Sep 17 00:00:00 2001 From: Kjetil Kjernsmo Date: Tue, 23 Nov 2021 23:55:52 +0100 Subject: [PATCH 5/5] Object of req level needs hyphen --- protocol.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/protocol.html b/protocol.html index add95634..57dd7911 100644 --- a/protocol.html +++ b/protocol.html @@ -709,7 +709,7 @@

Writing Resources

Servers MUST NOT allow HTTP POST, PUT and PATCH to update a container’s containment triples; if the server receives such a request, it MUST respond with a 409 status code. [Source]

- Servers MUST NOT allow a client to explicitly request multi-resource changes via the PATCH method, but the server is permitted to propagate side-effects of a change to the target resource to other resources. [Source] + Servers MUST NOT allow a client to explicitly request multi-resource changes via the PATCH method, but the server is permitted to propagate side-effects of a change to the target resource to other resources. [Source] Servers SHOULD respond with a 422 status code [RFC4918] and a message body that explains the error if it determines that such an instruction is attempted.