Merge 7e29755

remotestorage · Nov 30, 2015 · 04d91a8 · 04d91a8
1 parent 739ddb8
commit 04d91a8
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,8 @@
 ## Breaking for servers:
 * Apart from GET requests, HEAD requests are also allowed without Authorization
   request header on public folders.
+* Servers that support range requests should now announce this not only through
+  WebFinger, but also through the HTTP 'Accept-Ranges' header.
 
 ## Breaking for clients:
 * Apart from acct:me@mydomain.com ('me@mydomain.com' in UI), http://mydomain.com/

diff --git a/release/draft-dejong-remotestorage-06.txt b/release/draft-dejong-remotestorage-06.txt
@@ -269,8 +269,9 @@ Internet-Draft              remoteStorage                  November 2015
     would not be identical byte-for-byte.
 
     Servers MAY support Content-Range headers [RANGE] on GET requests,
-    but whether or not they do SHOULD be announced through the <ranges>
-    variable mentioned below in section 10.
+    but whether or not they do SHOULD be announced both through the
+    "http://tools.ietf.org/html/rfc7233" option mentioned below in
+    section 10 and through the HTTP 'Accept-Ranges' response header.
 
     A successful PUT request to a document MUST result in:
 
@@ -297,14 +298,14 @@ Internet-Draft              remoteStorage                  November 2015
     A successful DELETE request to a document MUST result in:
 
        * the deletion of that document from the storage, and from its
-         parent folder,
 
 
 de Jong                                                         [Page 6]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+         parent folder,
        * silent deletion of the parent folder if it is left empty by
          this, and so on for further ancestor folders,
        * the version of its parent folder being updated, as well as that
@@ -347,14 +348,14 @@ Internet-Draft              remoteStorage                  November 2015
        * 507 in case the account is over its storage quota,
        * 4xx for all malformed requests, e.g. reserved characters in the
              path [URI, section 2.2], as well as for all PUT and DELETE
-             requests to folders,
 
 
 de Jong                                                         [Page 7]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+             requests to folders,
        * 2xx for all successful requests.
 
     Clients SHOULD also handle the case where a response takes too long
@@ -399,12 +400,12 @@ Internet-Draft              remoteStorage                  November 2015
     reply to preflight OPTIONS requests as per CORS.
 
 
-
 de Jong                                                         [Page 8]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+
 8. Session description
 
     The information that a client needs to receive in order to be able
@@ -449,12 +450,12 @@ Internet-Draft              remoteStorage                  November 2015
     with each access scope representing the following permissions:
 
 
-
 de Jong                                                         [Page 9]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+
     '*:rw') any request,
 
     '*:r') any GET or HEAD request,
@@ -497,14 +498,14 @@ Internet-Draft              remoteStorage                  November 2015
         "http://remotestorage.io/spec/version": <storage_api>,
         "http://tools.ietf.org/html/rfc6749#section-4.2": <auth-dialog>,
         "...": "...",
-      }
 
 
 de Jong                                                        [Page 10]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+      }
     }
 
     A common way of identifying persons as <user> at <host> is through a
@@ -547,14 +548,14 @@ Internet-Draft              remoteStorage                  November 2015
     (e.g. retrieve the protected resource asynchronously in the first
     case, or request the entire resource in the second case).
 
-    A "http://remotestorage.io/spec/web-authoring" property has been
 
 
 de Jong                                                        [Page 11]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+    A "http://remotestorage.io/spec/web-authoring" property has been
     proposed with a string value of the fully qualified domain name to
     which web authoring content is published if the server supports web
     authoring as per [AUTHORING]. Note that this extension is a breaking
@@ -599,12 +600,12 @@ Internet-Draft              remoteStorage                  November 2015
     information.
 
 
-
 de Jong                                                        [Page 12]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+
     If no access_token was given, then the application SHOULD also
     extract the <auth_endpoint> information from WebFinger, and continue
     as per application-first bearer token issuance.
@@ -647,14 +648,14 @@ g.com HTTP/1.1
 
          HTTP/1.1 200 OK
          Access-Control-Allow-Origin: *
-         Content-Type: application/jrd+json
 
 
 de Jong                                                        [Page 13]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+         Content-Type: application/jrd+json
 
          {
            "links":[{
@@ -697,14 +698,14 @@ unhosted.5apps.com&response_type=token HTTP/1.1
         HTTP/1.1 200 OK
 
         <!DOCTYPE html>
-        <html lang="en">
 
 
 de Jong                                                        [Page 14]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+        <html lang="en">
           <head>
             <title>Allow access?</title>
         ...
@@ -747,14 +748,14 @@ low
         Access-Control-Request-Headers: Authorization
         Referer: https://drinks-unhosted.5apps.com/
 
-    To which the server can for instance respond:
 
 
 de Jong                                                        [Page 15]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+    To which the server can for instance respond:
 
         HTTP/1.1 200 OK
         Access-Control-Allow-Origin: https://drinks-unhosted.5apps.com
@@ -797,14 +798,14 @@ ntent-Type, Origin, X-Requested-With, If-Match, If-None-Match
         Authorization: Bearer j2YnGtXjzzzHNjkd1CJxoQubA1o=
         Content-Type: application/json; charset=UTF-8
         Referer: https://drinks-unhosted.5apps.com/
-        If-Match: "1382694045000"
 
 
 de Jong                                                        [Page 16]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+        If-Match: "1382694045000"
 
         {"name":"test", "updated":true, "@context":"http://remotestorag\
 e.io/spec/modules/myfavoritedrinks/drink"}
@@ -847,14 +848,14 @@ ge.io/spec/modules/myfavoritedrinks/drink"}
 
     If the GET URL would have been "/storage/michiel/myfavoritedrinks/",
     a 200 OK response would have a folder description as the response
-    body:
 
 
 de Jong                                                        [Page 17]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+    body:
 
         HTTP/1.1 200 OK
         Access-Control-Allow-Origin: https://drinks-unhosted.5apps.com
@@ -897,14 +898,14 @@ charset=UTF-8","Content-Length":106}}}
     This section is non-normative, and is intended to explain some of
     the design choices concerning ETags and folder listings. At the
     same time it will hopefully help readers who intend to develop an
-    application that uses remoteStorage as its per-user data storage.
 
 
 de Jong                                                        [Page 18]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+    application that uses remoteStorage as its per-user data storage.
     When multiple clients have read/write access to the same document,
     versioning conflicts may occur. For instance, client A may make
     a PUT request that changes the document from version 1 to version
@@ -949,12 +950,12 @@ Internet-Draft              remoteStorage                  November 2015
     caused the root folder's ETag to change.
 
 
-
 de Jong                                                        [Page 19]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+
     Note that the remoteStorage server does not get involved in the
     conflict resolution. It keeps the canonical current version at all
     times, and allows clients to make conditional GET and PUT requests,
@@ -997,14 +998,14 @@ Internet-Draft              remoteStorage                  November 2015
     attempt to guess the location of such documents.
 
     The server SHOULD also detect and stop denial-of-service attacks
-    that aim to overwhelm its interface with too much traffic.
 
 
 de Jong                                                        [Page 20]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+    that aim to overwhelm its interface with too much traffic.
 
 15. IANA Considerations
 
@@ -1049,12 +1050,12 @@ Internet-Draft              remoteStorage                  November 2015
         "WebFinger", RFC7033, September 2013.
 
 
-
 de Jong                                                        [Page 21]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+
     [OAUTH]
         "Section 4.2: Implicit Grant", in: Hardt, D. (ed), "The OAuth
         2.0 Authorization Framework", RFC6749, October 2012.
@@ -1097,14 +1098,14 @@ Internet-Draft              remoteStorage                  November 2015
     [MANIFEST]
         Mozilla Developer Network (ed), "App manifest -- Revision
         330541", https://developer.mozilla.org/en-
-        US/Apps/Build/Manifest$revision/566677, April 2014.
 
 
 de Jong                                                        [Page 22]
 
 Internet-Draft              remoteStorage                  November 2015
 
 
+        US/Apps/Build/Manifest$revision/566677, April 2014.
 
     [DATASTORE]
         "WebAPI/DataStore", MozillaWiki, retrieved May 2014.
@@ -1149,5 +1150,4 @@ Internet-Draft              remoteStorage                  November 2015
 
 
 
-
 de Jong                                                        [Page 23]
diff --git a/source.txt b/source.txt
@@ -234,8 +234,9 @@ Table of Contents
     would not be identical byte-for-byte.
 
     Servers MAY support Content-Range headers [RANGE] on GET requests,
-    but whether or not they do SHOULD be announced through the <ranges>
-    variable mentioned below in section 10.
+    but whether or not they do SHOULD be announced both through the
+    "http://tools.ietf.org/html/rfc7233" option mentioned below in
+    section 10 and through the HTTP 'Accept-Ranges' response header.
 
     A successful PUT request to a document MUST result in: