tags:

views:

31

answers:

2
Q: 

Using HTTP Vary header to decide on a strategy to process a request

I have a specific REST endpoint that creates a topic in a forum; but I want to apply different strategies when processing the request. e.g. If client A makes the call, perform moderation. if client B makes the call, do something else. The easiest would be to add a query param for differentiation:

 POST /resource?from=xyz

Another brilliant idea is to use the Vary HTTP header.

 POST /resource
 Vary: xyz

Any problems with this approach ?

+1  A: 

If this is for security reasons, this is very bad security. Rather, use standard HTTP authentication (or your custom authentication scheme) to pass credentials to the backend, and only there, based on credential/roles do whatever moderation/audit is required.

Anton Gogolev  2010-03-30 09:53:13
Yes, that is the proper way to distinguish users. Question, Jacques: why do you intend to do two different things through a single resource, anyway?
Jan Algermissen  2010-03-30 11:30:20
+4  A: 

Well, for one, "Vary" is a response header, so this is not so brilliant :-)

Julian Reschke  2010-03-30 11:15:10
+1...make sure you actually do read the HTTP spec :-)
Jan Algermissen  2010-03-30 11:31:01

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.