--- a/ldp-paging.html Mon Jul 28 12:44:29 2014 -0400
+++ b/ldp-paging.html Mon Jul 28 14:29:21 2014 -0400
@@ -1134,6 +1134,15 @@
complete, or make assumptions to that effect.
</h2></section>
+ <section id="ldpp-client-nofollow-303"><h2 class="normal"><a title="LDP Paging client">LDP Paging clients</a>
+ MUST NOT treat the target of a <code>303 See Other</code> redirection as a replacement for the original resource.
+ That is, they cannot treat a <code>303</code> status code as if it was a
+ <code>307 Temporary Redirect</code> [[!RFC7231]] or <code>308 Permanent Redirect</code> [[!RFC7238]],
+ as [[RFC7231]] makes clear. This is critical to a client's ability to distinguish between the representation
+ of a single <a>in-sequence page resource</a> and that of the <a>paged resource</a> when a <a>LDP Paging server</a>
+ uses <a href="#ldpr-status-code">redirection</a> as a way to <a href="#ldpr-pagingGET-only-paging-clients">initiate paging</a>.
+ </h2></section>
+
</section>
<section id="ldpp-hints">
@@ -1503,7 +1512,7 @@
</h2></section><!-- Was 4.10.2.4 / #ldpr-pagingGET-page-type-reqd -->
<section id="ldpr-pagingGET-only-paging-clients"><h2 class="normal">
- <a title="LDP Paging server">LDP Paging servers</a> MUST NOT
+ <a title="LDP Paging server">LDP Paging servers</a> SHOULD NOT
initiate paging unless the client has indicated it understands paging.
The only standard means defined by LDP paging for a client to signal a server that the client
understands paging is via the <a href="#ldpp-hints">client preference</a> defined for this purpose;
@@ -1511,15 +1520,18 @@
<blockquote>
<em>Non-normative note:</em>
<a title="LDP Paging server">LDP Paging servers</a> could choose to make any resource
- available <em>only</em> as a paged resource. One consequence of the prohibition on initiating paging
- when interacting with non-paging-aware clients is: if such a server
- receives a request for a paged-only resource, and the request does not signal that
- the client is paging-aware, then the server has to reject the request, most likely
- with a <code>4xx</code> status code. This avoids the situation where a non-paging-aware client
- blindly follows a <code>303</code> redirect, retrieves that resource (which the server, but not the client,
- knows to contain only the first page of the paged resource's state), and upon receiving the <code>200 OK</code>
- status code concludes that it now has the <em>entire</em> representation of the paged resource's state (instead
- of only having a representation of the subset assigned to the first page).
+ available <em>only</em> as a paged resource.
+ In so doing, when interacting with clients <em>unaware</em> of LDP Paging,
+ if the server initiates paging anyway then it runs the risk
+ that an ill-behaved client will automatically follow a
+ <code>303 See Other</code> redirect and believe via the subsequent
+ <code>200 OK</code> that it has obtained a complete representation of the <a>paged resource</a>
+ rather than of what may be a single <a>in-sequence page resource</a>.
+ The alternative is for the server to reject the request, most likely
+ with a <code>4xx</code> status code.
+ <a title="LDP Paging client">LDP Paging clients</a> <a href="#ldpp-client-nofollow-303">will not follow redirects in this way</a>,
+ but some existing HTTP clients are known to treat <code>303 See Other</code> redirects as if they were
+ equivalent to the original request-URI, despite this being explicitly disclaimed in [[RFC7231]].
</blockquote>
</section>
@@ -2006,7 +2018,8 @@
<!-- <blockquote><em><a href="http://www.w3.org/TR/2013/WD-ldp-paging-20140930/">Candidate Recommendation Draft</a></em></blockquote> wah -->
<!-- <blockquote><em><a href="http://www.w3.org/TR/2013/WD-ldp-paging-20140730/">Last Call Draft</a></em></blockquote> -->
<ul>
- <li>2014-07-28 - Updates to address public review comment (JA) </li>
+ <li>2014-07-28 - Updates to address public review comment on must-not initiate paging (JA) </li>
+ <li>2014-07-28 - Updates to address public review comment on Prefer (JA) </li>
<li>2014-07-17 - Fixed minor spelling/grammar and validation problems (SS)</li>
<li>2014-07-15 - Final updates hopefully before LC2 draft issued (JA) </li>
<li>2014-07-09 - Fix Ashok's emailed comments (JA) </li>