Sending Messages Using M-POST

You can restrict messages coming through a firewall or a proxy server by using the MPOST method instead of POST. M-POST is a new HTTP method defined using the HTTP Extension Framework located at http://www.w3.org/Protocols/HTTP/ietf-ext-wg. This method is used when you are including mandatory information in the HTTP header, just as you used the mustUnderstand attribute in the SOAP header element.

As we mentioned, SOAP supports both POST and M-POST requests. A client first makes a SOAP request using M-POST. If the request fails and either a 501 status code (Not Implemented status message) or a 510 status code (Not Extended status message) returns, the client should retry the request using the POST method. If the client fails the request again and a 405 status code (Method Not Allowed status message) returns, the client should fail the request. If the returning status code is 200, the message has been received successfully. Firewalls can force a client to use the M-POST method to submit SOAP requests by blocking regular POSTs of the text/xml-SOAP content type.

If you use M-POST, you must use a mandatory extension declaration that refers to a namespace in the Envelope element declaration. The namespace prefix must precede the mandatory headers. The following example illustrates how to use M-POST and the mandatory headers:

  M-POST /Order HTTP/1.1
  Host: www.northwindtraders.com
  Content-Type: text/xml
  Content-Length: nnnn
  Man: "http://schemas.xmlsoap.org/soap/envelope; ns=49"
  49-SOAPAction: "urn:northwindtraders.com:PO#UpdatePO"

The Man header maps the URI http://schemas.xmlsoap.org/soap/envelope to the header prefix 49. Any header that has a prefix of 49 will be associated with this URI and will therefore be a mandatory header. In this case, the SOAPAction will be associated with the URI and is a mandatory header.

If you use M-POST and do not have any mandatory header elements, an error will occur, resulting in either a 501 or 510 status code.