|
|
Post by arunthomasbaby on Oct 19, 2020 11:45:55 GMT
Hi All,
From my understanding all redirection request without Authentication should respond with 404 status code if accessing a resource which requires authentication.
eg: https://{{ip}}/redfish/v1/Systems/ => 404 if accessed without Authentication.
So my doubt here is whether this behaviour should be same for a request without Authentication and request with invalid authentication credentials(wrong username or password) ?.
TIA
Arun
|
|
|
|
Post by mraineri on Oct 21, 2020 12:49:55 GMT
Looking back at the history of that clause in the spec, I'm thinking that this might be a mistake. Regardless of redirection, if authentication is required, I would expect a 401 if authentication headers are missing or invalid, which would be consistent with the non-redirect scenario.
|
|
|
|
Post by AMI_shirleyh on May 31, 2021 18:10:32 GMT
What Status code to return for a trailing slash with URI's and with correct Authentication for each of the methods - GET, POST, PUT, PATCH, DELETE ?
Example :
Original URI : https://{{ip}}/redfish/v1/Systems - 200 with Response data.
GET https://{{ip}}/redfish/v1/Systems/ - 302 with Location Header or 301 ?
Similarly what Status code should be returned for other HTTP methods ?
SPEC does not mandate - but will it depend on the implementor's choice or do you have any suggestions or preference to follow uniformly ?
|
|
|
|
Post by mraineri on Jun 1, 2021 13:14:58 GMT
Largely that's going to be implementation dependent based on the underlying web server being used. At least based on reading the RFCs, both 301 and 302 seem to work and the semantics between the two are very minor as far as I can tell. For other HTTP methods, 303 and 307 may also be needed (at least from a few observations I've made with different web services).
However, you also don't necessarily need to perform a redirect; you could also use one of the 2XX status codes and avoid redirection altogether. Again, this is an implementation decision based on what works for your web server.
It's also possible to not support those URIs at all since they are outside the scope of the Redfish Specification; again, this is another implementation choice based on the types of clients you need to support, but I would not expect a general purpose client following the URI patterns in the specification to use trailing slashes.
|
|
