XMLHttpRequest in IE7 with REPORT method

Hi,
Has anyone tried using XMLHttpRequest in IE7 to do WebDAV operations? 
Specifically we are finding that the REPORT method seems to fail on the 
.open() call (same thing for CalDAV's MKCALENDAR). PROPFIND works fine. Any 
ideas on whether REPORT can be made to work?

We have also tried using the Msxml2.XMLHTTP ActiveX object. Whilst that 
seems to accept REPORT as a valid method, it fails with digest 
authentication (basic works). What we see is that it makes an 
unauthenticated requests and gets back a 401 with the digest challenge, but 
then it makes another unauthenticated request and fails (instead of sending 
the digest response). Basic authentication works as does digest with 
PROPFIND. Any ideas what might be up?

Is there any other way in IE7 to make WebDAV REPORT requests that will work?

--

-- 
Cyrus Daboo

Re: XMLHttpRequest in IE7 with REPORT method

Cyrus Daboo wrote:
> Hi,
> Has anyone tried using XMLHttpRequest in IE7 to do WebDAV operations? 
> Specifically we are finding that the REPORT method seems to fail on the 
> .open() call (same thing for CalDAV's MKCALENDAR). PROPFIND works fine. 
> Any ideas on whether REPORT can be made to work?

Only by falling back to the ActiveX variant of XmlHttpRequest.

This issue has been reported to Microsoft something long ago (see thread 
around 
<http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0352.html>), 
but first they claimed it was "by design", and then it was too late to 
change, even for IE8.

BTW: don't try to do this with Opera, it will silently change the method 
name to GET.

> We have also tried using the Msxml2.XMLHTTP ActiveX object. Whilst that 
> seems to accept REPORT as a valid method, it fails with digest 
> authentication (basic works). What we see is that it makes an 
> unauthenticated requests and gets back a 401 with the digest challenge, 
> but then it makes another unauthenticated request and fails (instead of 
> sending the digest response). Basic authentication works as does digest 
> with PROPFIND. Any ideas what might be up?
>
> Is there any other way in IE7 to make WebDAV REPORT requests that will 
> work?

I've used the ActiveX object a lot in the past, but probably not with 

Re: XMLHttpRequest in IE7 with REPORT method

Hi Julian,

--On May 14, 2009 7:15:17 PM +0200 Julian Reschke <julian.reschke <at> gmx.de> 
wrote:

>> Has anyone tried using XMLHttpRequest in IE7 to do WebDAV operations?
>> Specifically we are finding that the REPORT method seems to fail on the
>> .open() call (same thing for CalDAV's MKCALENDAR). PROPFIND works fine.
>> Any ideas on whether REPORT can be made to work?
>
> Only by falling back to the ActiveX variant of XmlHttpRequest.
>
> This issue has been reported to Microsoft something long ago (see thread
> around
> <http://lists.w3.org/Archives/Public/public-webapps/2009JanMar/0352.html>
> ), but first they claimed it was "by design", and then it was too late to
> change, even for IE8.
>
> BTW: don't try to do this with Opera, it will silently change the method
> name to GET.

Has any effort gone into defining a standard for tunneling unsupported HTTP 
methods over, say, POST? That's what we will end up doing if there is no 
solution on the browser side - but then our webapp won't work with other 
servers unless they support POST-tunneling too.

--

-- 
Cyrus Daboo

Re: XMLHttpRequest in IE7 with REPORT method

On 14.05.2009, at 19:28, Cyrus Daboo wrote:
> Has any effort gone into defining a standard for tunneling  
> unsupported HTTP methods over, say, POST? That's what we will end up  
> doing if there is no solution on the browser side - but then our  
> webapp won't work with other servers unless they support POST- 
> tunneling too.

Its not a real standard, but maybe this would be an reasonable  
fallback option:

   X-HTTP-Method-Override

   http://code.google.com/apis/gdata/docs/2.0/basics.html

We do support that in our frameworks.

Greets,
   Helge
--

-- 
Helge Hess
http://helgehess.eu/

Last Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RFC

The IESG has received a request from the WWW Distributed Authoring and 
Versioning WG (webdav) to consider the following document:

- 'Binding Extensions to Web Distributed Authoring and Versioning 
   (WebDAV) '
   <draft-ietf-webdav-bind-23.txt> as an Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send substantive comments to the
ietf <at> ietf.org mailing lists by 2009-05-28. Exceptionally, 
comments may be sent to iesg <at> ietf.org instead. In either case, please 
retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-webdav-bind-23.txt

IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=9401&rfc_flag=0

_______________________________________________
IETF-Announce mailing list
IETF-Announce <at> ietf.org
https://www.ietf.org/mailman/listinfo/ietf-announce

[Fwd: Last Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RFC]

(FYI)

-------- Original Message --------
To: IETF-Announce <ietf-announce <at> ietf.org>
From: The IESG <iesg-secretary <at> ietf.org>
Subject: Last Call: draft-ietf-webdav-bind (Binding Extensions to Web 
Distributed Authoring and Versioning (WebDAV)) to Experimental RFC
Message-Id: <20090514204643.4014928C38F <at> core3.amsl.com>
Date: Thu, 14 May 2009 13:46:43 -0700 (PDT)
Cc: w3c-dist-auth <at> w3.org

The IESG has received a request from the WWW Distributed Authoring and
Versioning WG (webdav) to consider the following document:

- 'Binding Extensions to Web Distributed Authoring and Versioning
    (WebDAV) '
    <draft-ietf-webdav-bind-23.txt> as an Experimental RFC

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action.  Please send substantive comments to the
ietf <at> ietf.org mailing lists by 2009-05-28. Exceptionally,
comments may be sent to iesg <at> ietf.org instead. In either case, please
retain the beginning of the Subject line to allow automated sorting.

The file can be obtained via
http://www.ietf.org/internet-drafts/draft-ietf-webdav-bind-23.txt

IESG discussion can be tracked via
https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=9401&rfc_flag=0

Re: [Fwd: Last Call: draft-ietf-webdav-bind (Binding Extensions to Web Distributed Authoring and Versioning (WebDAV)) to Experimental RFC]

Hi,

> ...
> The IESG has received a request from the WWW Distributed Authoring and
> Versioning WG (webdav) to consider the following document:
> 
> - 'Binding Extensions to Web Distributed Authoring and Versioning
>    (WebDAV) '
>    <draft-ietf-webdav-bind-23.txt> as an Experimental RFC
> 
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action.  Please send substantive comments to the
> ietf <at> ietf.org mailing lists by 2009-05-28. Exceptionally,
> comments may be sent to iesg <at> ietf.org instead. In either case, please
> retain the beginning of the Subject line to allow automated sorting.
> 
> The file can be obtained via
> http://www.ietf.org/internet-drafts/draft-ietf-webdav-bind-23.txt
> ...

So we finally reached IETF Last Call -- thanks to Cyrus Daboo for taking 
the shepherd role, and to Alexey Melnikov for the AD review.

I already have annotated the spec with the Alexey's feedback that needs 
to be addressed; see the open issues in 
<http://greenbytes.de/tech/webdav/draft-ietf-webdav-bind-latest.html#rfc.issues-list>, 
and will try to record all LC comments similarly.

Best regards, Julian

Issue with non-aggregate abstract privileges and DAV:current-user-privilege-set

WebDAV BIND LC issue: example for COPY updating multiple bindings

Hi,

in Section 2.3 we say:

"...If because of multiple bindings to a resource, more than one source 
resource updates a single destination resource, the order of the updates 
is server defined." -- 
<http://greenbytes.de/tech/webdav/draft-ietf-webdav-bind-23.html#rfc.section.2.3.p.4>

Alexey mentioned that it would be useful to have an example for this 
particular case.

This issue is tracked as

<http://greenbytes.de/tech/webdav/draft-ietf-webdav-bind-issues.html#issue.ex-copy-multiple-update>, 
and for now I have add the example below:

-- snip --
2.3.2.  Example: COPY updating multiple Bindings

    Given the following collection hierarchy:

                                 +------------------+
                                 | Root Collection  |
                                 |  bindings:       |
                                 |  CollX     CollY |
                                 +------------------+
                                    /              \
                                   /                \
                                  /                  \
               +--------------------------+   +-----------------+
               |      Collection C1       |   | Collection C2   |
               |      bindings:           |   | bindings:       |
               |     x.gif     y.gif      |   | x.gif     y.gif |
               +--------------------------+   +-----------------+
                       |         |                |         |
                       |         |                |         |
             +-------------+  +-------------+   +-------------+
             | Resource R1 |  | Resource R2 |   | Resource R3 |
             +-------------+  +-------------+   +-------------+

    A COPY of /CollX with Depth infinity to /CollY will not result in a
    changed hierarchy, and Resource R3 will be updated with the content
    of either Resource R1 or Resource R2.
-- snip --

(see also 
<http://greenbytes.de/tech/webdav/draft-ietf-webdav-bind-latest.html#example.copy.multiple.update>).

Feedback appreciated,

Julian

Re: Issue with non-aggregate abstract privileges and DAV:current-user-privilege-set

Bernard Desruisseaux wrote:
> In section 3 Privileges of RFC3744 
> <http://tools.ietf.org/html/rfc3744#section-3> it says:
> 
>     Aggregate and non-aggregate privileges are both capable of being
>     abstract.
> 
> but in section 5.4 DAV:current-user-privilege-set of RFC3744 
> <http://tools.ietf.org/html/rfc3744#section-5.4> it says:
> 
>     Therefore, each element in the DAV:current-user-privilege-set
>     property MUST identify a non-abstract privilege from the
>     DAV:supported-privilege-set property.
> 
> In a discussion amongst CalDAV implementors, it was brought up that the 
> above requirement would be problematic for implementations that supports 
> non-aggregate "abstract" privileges.
> 
> That is, an implementation that allows such a privilege to be set 
> individually on a resource (either by default or through a proprietary 
> mechanism) would not be allowed to report this privilege in the 
> DAV:current-user-privilege-set property.
> ...

Recorded as 
<http://greenbytes.de/tech/webdav/draft-reschke-rfc3744bis-latest.html#rfc.issue.5.4-current-user-privilege-set-vs-abstract>.

BTW: the server running the  ACL mailing list has been down for quite 
some time (*), so I recommend to move all ACL relations over here.

BR, Julian

(*) Hopefully it will be possible to resurrect the archives...