Ticket #4 (new enhancement)

Opened 10 years ago

Privileged first parameter

Reported by: smagi Owned by: smagi
Priority: major Component: clavis
Version: Keywords:
Cc:

Description

It would be convenient to fold the first parameter of a resource into the URL path itself. This would support wiki-like naming, so instead of /View?Page=FooBar? clients would see some varient of /View/FooBar.

However, since the URL path is part of the HMAC, this means the path component must be a protected parameter. However, it's more desirable if this component were unsafe/unprotected so clients could change it at will.

Furthermore, the first parameter of a resource must be the same across all continuation types it implements, and it cannot be an IEnumerable type.

Possible resolutions:

  1. Path is not included in the HMAC: this would allow illegal continuation applications, ie. moving query string from one continuation to another would be allowed, but be an error.
  2. Require a continuation value for validation: this is how it used to work before switching to purely URL-based validation. However, how would a Clavis HttpHandler? find and load the right continuation type given only the string? We can't know just by looking at the requested URL whether it's a continuation type that folds the first parameter into the path.
  3. Use a distinct character to delimit path from param, ie. /View:FooBar or /View-FooBar?. This makes it somewhat non-uniform with other URLs, but not entirely so, ie. Wikipedia talk page uses "/wiki/Talk:Subject". See:  http://stackoverflow.com/a/4669755/144873


I think #3 is the best option: unsafe integral first params can be folded into the URL path with a ":" delimiter. HMAC validation will simply skip all data between ":" and "?". Perhaps a different delimiter, like '-', will designate protected params which are included in the HMAC.

Or perhaps more convenient URLs can be controlled at a whole other layer, like with IIS URL rewriting?

Note: See TracTickets for help on using tickets.