World: r3wp

the info? function appears to send a http HEAD to a URL, but the 
http protocol doesn't appear to allow a user to send a HEAD.
So, how does info? do it?

INFO? uses QUERY, and QUERY's behaviour on a port is defined in the 
port's scheme (in this case the HTTP port scheme).

The QUERY function in the HTTP scheme just sets a flag  querying: 
true  and calls OPEN on the port, so the query behaviour is an   
internal behaviour (closed source).

Just wondering how it can set the querying flag to true before opening 
the port ...

Anton, the source to OPEN is there, so no, it's not closed source. 
:) QUERY on HTTP does a HEAD request.

Graham: if your port is already open, query just returns the information 
that is already available. if the port is not open, query does a 
HEAD instead to just get the information it needs. the same code 
as open is reused.

I don't remember if it's possible to do open/custom ... [method HEAD] 
or something like that.

I couldn't see a way to do that with the standard http protocol

I can see where it checks to see if querying is true or not to decide 
whether to use 'GET or 'HEAD

just not clear how this is invoked

Just wondering is there a way where I can continue with the next 
round from inside a FOREACH, REPEAT etc. loop?

Gabriele, I was half-waiting for your admonishment. :)

Graham, hang on, I think I do something like that in my batch-download 
function.

No... or was it with that experimental FTP stuff I did...

Graham,

 port: make port! [scheme: 'http host: "rebol.com" target: "index.html"]
	query port
then
	probe port/size
	porbe port/date
	probe port/locals/headers
make some decision
	open port
etc..
	close port

Robert, you can do it using
	loop 1 [
		if cond [break]  ; (Continue)
	]
eg.
	foreach word [a b c][
		loop 1 [
			if word = 'b [break] ; (Continue)
			print word
		]
	]

Outputs:
a
c

Or wait for REBOL3 and use CONTINUE :)

Anton, ah, tricky. Using a wrapper loop. Nice.

Thanks .. I shall try

Gabriele, where do we access the R2 OPEN native function source? 
I had a look in DevBase and didn't see it there.

(This is just out of curiosity; enough mezz source is available for 
Graham's question.)

OPEN native is just a shortcut for INIT then OPEN functions in the 
scheme handler. For example :
>> help system/schemes/http/handler

I've patched my version of the http protocol http://rebol.wik.is/Protocols/Http
so that I can more easily issue a head command

so I can do this ... read/custom url [ HEAD "" ]


which is more like exists? for a url, and returns an error if it 
ain't there.

The problem with query on a port is that I can't send custom authentication 
headers that might be needed.  This way I can.

In particular I need to check for the existence of a S3 object which 
needs authentication to access.

Anton, if you have the SDK, it's prot-root.r and prot-http.r. Those 
files should also be on DevBase IIRC.

Ok I found them, thankyou Gabriele.

How do you "read" a network drive in windows? I can a: read %/c/ 
 but when it's a network drive it doesn't work.

>> to-rebol-file "\\path\to\rebol\"
== %/path/to/rebol/

Thanks Graham. User error on my part. I can "read" now. I was wondering 
though if I have just the computer name and not a folder name I get 
an error. In other words, list-dir to-rebol-file "\\xyz\myfolder" 
is OK but not list-dir to-rebol-file "\\xyz\" doesn't.

Anyone know how to calculate HMAC-SHA256 ?

Ok, I'm guessing no one knows the answer to this one!

you mean, in rebol code? i suspect that would be rather slow :) I 
think maarten is calling out to openssl.

Yes, in REBOL code.  I guess stick to hmac-sha1

This is one of these annoying issues that should be "fixed" with 
the http protocol.

>> read http://remr.s3.amazonaws.com/20090806.7z
connecting to: remr.s3.amazonaws.com

** User Error: Error.  Target url: http://remr.s3.amazonaws.com/20090806.7z
could not be retrieved.  Server response: HTTP/1.0 403 Forb

But if I do a wireshark trace, I see this

GET /20090806.7z HTTP/1.0
Accept: */*
Connection: close
User-Agent: REBOL View 2.7.6.3.1
Host: remr.s3.amazonaws.com

HTTP/1.0 403 Forbidden
Date: Sat, 08 Aug 2009 21:08:07 GMT
Content-Type: application/xml
x-amz-request-id: D03B3FA12CC875D5

x-amz-id-2: u3b7TkPzJc5NBwvov4HRQuMsCsosD7le9xfRMSGiCN2BXgeae6kKMVQAbhzqRDwY
Server: AmazonS3
Via: 1.1 nc1 (NetCache NetApp/6.0.5P1)

<?xml version="1.0" encoding="UTF-8"?>

<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D03B3FA12CC875D5</RequestId><HostId>u3b7TkPzJc5NBwvov4HRQuMsCsosD7le9xfRMSGiCN2BXgeae6kKMVQAbhzqRDwY</HostId></Error>

So, the http protocol is getting all of this information, but is 
throwing it away and only raising an error.

I'm going to add 

403 success 


to the prot-http.r response-actions to see if there are no side effects.

and while I'm at it ..

400 success ; bad request

No, the HTTP scheme is working correctly. AWS' behavior is non-standard, 
so it requires some level of custom programming. R3's scheme allows 
you to handle cases like this at a lower level for example, but by 
default it can't do better than that.

this is http 1.0 http://www.w3.org/Protocols/HTTP/1.0/spec.html#Code403

403 Forbidden


The server understood the request, but is refusing to fulfill it. 
Authorization will not help and the request should not be repeated. 
If the request method was not HEAD and the server wishes to make 
public why the request has not been fulfilled, it should describe 
the reason for the refusal in the entity body. This status code is 
commonly used when the server does not wish to reveal exactly why 
the request has been refused, or when no other response is applicable.

The pertinent line in this is "it should describe the reason for 
the refusal in the entity body." so it looks to me that AWS's behaviour 
does conform to the standard as it is supplying the reasons in  the 
entity body.

Anyway, making the above patch now returns the error in the body 
where I want it .. though don't necessarily need it!

I'm more interested in debugging bad requests ... where Amazon explains 
the reasons for the bad request in the body returned.

Maybe there should be a default behaviour which is what it is now, 
and another behaviour where one can specify which  codes are not 
be flagged as user errors?

or pehaps an object mode where the whole http response is returned 
as a rebol object

Authorization will not help
. And you think AWS conforms to the standard? :-)

I don't criticize them for not conforming, HTTP is missing decent 
auth mechanisms. But still, that is an error, and should behave, 
by default, as an error. As I said above, for special cases you need 
to override the default behavior. I think that the header and request 
body shoud be available in the port, but it should still throw an 
error.

I can understand the philosophical reasons why you consider it an 
error ... but there are practical reasons also to not consider them 
errors.

http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html#AuthProcess


At the bottom of this page, the Google authentication API can provide 
a 403 response as this example below

HTTP/1.0 403 Access Forbidden
Server: GFE/1.3
Content-Type: text/plain
	
Url=http://www.google.com/login/captcha
Error=CaptchaRequired
CaptchaToken=DQAAAGgA...dkI1LK9

CaptchaUrl=Captcha?ctoken=HiteT4b0Bk5Xg18_AcVoP6-yFkHPibe7O9EqxeiI7lUSN