RESTful Web Services
by Leonard Richardson, Sam Ruby

This errata page lists errors outstanding in the most recent printing. If you have technical questions or error reports, you can send them to booktech@oreilly.com. Please specify the printing date of your copy.

This page was updated May 21, 2008.

Here's a key to the markup:

[page-number]: serious technical mistake
{page-number}: minor technical mistake
<page-number>: important language/formatting problem
(page-number): language change or minor formatting problem
?page-number?: reader question or request for clarification

Confirmed errors:

The book describes the Amazon S3 authorization scheme in the wrong terms. Instead of public-key cryptography, S3 uses HMAC, a symmetric-key algorithm. This doesn't affect the code: I just used the wrong concept to explain the code.

Throughout the code in chapter 3, @@public_key should be @@access_key_id and @@private_key should be @@secret_access_key.

The first two lines of the comment under "module Authorized" on page 56 should look like this:

    # Enter your public identifier (Amazon calls it an "Access Key ID")
    # and your secret key (Amazon calls it a "Secret Access Key"). This is
    # ...

Also on page 56, make this change to the paragraph atop "The Bucket List":

    Every request you make must be cryptographically signed with your secret key (Amazon calls it a "Secret Access Key") so that Amazon knows it's really you. The secret key is shared between you and Amazon, and you should never reveal it to anyone else. If you do, the person you reveal it to...
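
The corrected description above, as an added Ruby example (not code from the book): the client signs with HMAC-SHA1 and the service checks the signature by recomputing it from the same shared secret. The credentials, the SERVER_KEYS table and the three-field canonical string are constructed for illustration; the real S3 string also covers Content-MD5, Content-Type and the x-amz- headers.

```ruby
require 'openssl'

# Constructed credentials for illustration only (not real AWS keys).
ACCESS_KEY_ID     = 'EXAMPLEACCESSKEYID'
SECRET_ACCESS_KEY = 'example-secret-shared-with-the-service'

# Hypothetical server-side key store: the service holds the SAME secret.
SERVER_KEYS = { ACCESS_KEY_ID => SECRET_ACCESS_KEY }.freeze

# Simplified canonical string: the parts of the request the MAC covers.
def string_to_sign(verb, date, resource)
  [verb, date, resource].join("\n")
end

# HMAC-SHA1 over the canonical string, Base64-encoded without line breaks.
def sign(secret, canonical)
  [OpenSSL::HMAC.digest('sha1', secret, canonical)].pack('m0')
end

# Client side: the access key ID travels in the clear; the secret never does.
def authorization_header(key_id, secret, verb, date, resource)
  "AWS #{key_id}:#{sign(secret, string_to_sign(verb, date, resource))}"
end

# Compare two strings without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: look up the shared secret by key ID, recompute, compare.
def server_accepts?(header, verb, date, resource)
  m = /\AAWS ([^:]+):(.+)\z/.match(header) or return false
  secret = SERVER_KEYS[m[1]] or return false
  secure_equal?(sign(secret, string_to_sign(verb, date, resource)), m[2])
end
```

Because verification is recomputation, either holder of the secret can produce a valid signature: the MAC authenticates the request to the service but, unlike a public-key signature, proves nothing to a third party.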

(xviii) 4th paragraph, last sentence; "this book will show you to do it" should read "this book will show you how to do it"
(xix) "It shows" -> "We show"
(13) "Starting in chapter 5" -> "Starting in chapter 4"
    "In Resource-Oriented Architectures" -> "In resource-oriented architectures"
<17> "Split the Data Set into Resources [115]" -> "chapter 5"
(17) 2nd Paragraph, 1st Sentence; "happen to live into the URI portion" should read "happen to live in the URI portion"
(18) "a RESTful web services" -> "a RESTful web service"
(27) "under same rules" -> "under the same rules"
(28) The sentences starting "The del.icio,.us web service sends back..." should go between example 2-2 and example 2-3.
?31? The sentence "I've added two keyword arguments to open: :method" is confusing because there are two colons next to each other, and it looks like a Ruby method called open::method. Rephrase to "I've added two keyword arguments to open. They are :method..."
    Strike the line "require 'rubygems'" from example 2-4.
(35) top third of page;
    /**
     * A command-line application that fetches bookmarks from del.icio.us
     * and prints them to strandard output.
     */
    strandard --> standard
(38) "Basic HTTP, GET, and POST" -> "Basic HTTP GET and POST"
{45} Example 2-3; the line between the two "alert" calls should not be indented any more than the lines that surround it. That is,
    alert(
    json =
    alert(
(49) "defects the RPC style" -> "defects to the RPC style"
{51} "Object.value=" -> "S3Object.value="
(55) "39 official HTTP" -> "41 official HTTP"
(58) "Now, as shown in Example 3-6, let's write the S3::Bucket class," -> "Now, let's write the S3::Bucket class (Example 3-6),"
(65): "This is a job for public-key cryptography" -> "S3 solves this problem using a message authentication code (MAC)".
    your "private" key (remember, not truly private: Amazon knows it too)" -> your secret key (remember, the secret is shared between you and Amazon)
    Only someone with the "private" key -> Only someone who knows the secret
    revealing your "private" key -> revealing the secret
    know your "private" key -> know your secret
(66) signs it (again, Amazon has a copy of your "private"key) -> signs it (again, Amazon knows your secret key)
(82) "in Preface" -> "in the Preface"
(83) "Name the Resources" section. -> "Name the Resources" section of chapter 5.
{88} Figure 4-1; Two of the arrows in Figure 4-1 are wrong. The arrow going from "Initial State" to "'mice', page 2" should have a solid line and be labeled "Request". The arrow going back from "'mice', page 2" to "Initial State" should have a dotted line and be labeled "Response".
(89) Line 2; "neccessary" -> "necessary"
(89): "start=50, and" -> "start=500, and"
    The two sentences beginning "However, there is something unRESTful" should be put into parentheses or made into a footnote.
    "The Trouble with Cookies" should include a reference to the chapter in which it's found: chapter 8.
(89) Third complete paragraph; "addressabile" -> "addressable"
(90) "bits of client state" -> "bits of application state"
    "process it" -> "process the request"
    "That's client state:" -> "That's application state:"
(90) last paragraph, 3rd sentence; "and the server restricts" -> "and the server"
(91) Last paragraph; "unneccessary" -> "unnecessary"
(95) 1st paragraph; 'cache of the extrenal page' must be cache of the external page
(98) "saw the HEAD method" -> "You saw the HEAD method"
(98) 2nd paragraph; It looks like there is a missing line or two. The 2nd paragraph (after 2 dot points) starts in mid sentence: "saw the HEAD method exposed by the S3 service's resources in Chapter 3"
(101) "accepts POST requests" -> "accepts a POST request"
(102) "Multiplying by any other number" -> "Multiplication by any other number"
(103) "50" -> "-50"
{109-110}.
The given procedure for turning requirements into read-only resources is exactly the same as the procedure given in chapter 6. It should be a slightly simpler procedure. As printed, steps 4 and 6 are unnecessary for read-only resources. They should be omitted. The procedure should have seven steps as follows:

    1. Figure out the data set
    2. Split the data set into resources
    For each kind of resource:
    3. Name the resources with URIs
    4. Design the representation(s) served to the client
    5. Integrate this resource into existing resources, using hypermedia links and forms
    6. Consider the typical course of events: what's supposed to happen?
    7. Consider error conditions: what might go wrong?

> resources is exactly the same as the procedure given in chapter 6. It
> should be a slightly simpler procedure. As printed, steps 4 and 6 are
> unnecessary for read-only resources. They should be omitted. The
> procedure should have seven steps as follows:

Correction to the correction: steps 4 and _5_ are the unnecessary ones.

(112) Split the Data Set into Resources, first paragraph, 3rd line; Anything that might be refereed to by name ought... should be: Anything that might be referred to by name ought...
(121): The footnote should be attached to "detailed", not "get."
(5.5.3) 2nd to last paragraph; Paragraph has double quotes after the '4' that should be removed: In Section 5.4" Corresponds to page 123 of print book. Problem is only in Safari version.
(128, 129): Both figures should say "(Image data courtesy Google Maps)"
(129) "directly to the east" -> "the part directly to the east"
(148) "steps 3 and 4" -> "steps 4 and 5"
(167) "ang architecture" -> "an architecture"
(176) mid page; "if you know one you can calculate the other" -> "if you know the former you can calculate the latter".
(179) The last sentence of the section "The Leftovers" contains a redundant "of".
[183] Example 7-4 All the end tags are , rather than matching the opening tag.
Should be: Leonard Richardson leonardr@example.com mypassword
(184) General Note, 1st paragraph; ...reimplements something you can already, do... should be ...reimplements something you can already do... (without comma)
(187) The last sentence of the 4th paragraph is missing a period at the end of the sentence after "more generally".
(201) the second sentence in the last paragraph "I can get this data fairly easily with ActiveResource, and format it as a representation with to_xml__but what about security__?" There should be a comma before "but what about security".
(202) Example 7-20, The second line of the comment This PUT handler is a little __tricker__ than others, .... should be "trickier" actually.
(217) Third line of fourth paragraph; "Atome" -> "Atom"
(219) see "Overloading POST -> see "Overloading POST" below
(235) The sentence starting "Except for the protocol change..." should be in parentheses.
(237) "URI templates" -> "URI Templates"
(248) "about it use" -> "about its use"
(249) "If the client then..." -> "If a client"
    "from resource is" -> "from http://www.example.com/resource is"
(254) the last sentence put this token the Authorization header -> put this token IN the Authorization header
(259) the first sentence of the last paragraph A new line should be inserted after the Media type line.
(262) Paragraph following "rel-nofollow" line; "neccessarily" -> "necessarily"
(271) The sentence starting "The Universal Encoding..." should be a footnote or else put in parentheses.
(272) "if you're using UTF-16" -> "UTF-16"
{274} 5th paragraph, last sentence;
    WRONG: "...should now result in a response code of 310 ("Moved Permanently")..."
    RIGHT: "...should now result in a response code of 301 ("Moved Permanently")..."
(285) 'https://s3.amazonaws.com/, and then the bucket name' should be in quotes.
(289) "content type" should be "media type" throughout.
(292) Indentation in example 9-10 is off.
The second tag should be beneath its enclosing tag, and the tag should be beneath its enclosing tag.
(293) Similarly for Example 9-11. The tags should be indented beneath their enclosing tags.
(307) "It abstracts away" -> "They abstract away"
(317) "this next." -> "this later."
(322) "The chart below has the details, but" Strike. There is no chart.
(331) Paragraph "There's also an insecure method" should be in parentheses.
(340) "GET, POST, and/or DELETE" -> "GET, PUT, and/or DELETE"
(341) "six standard methods" -> "five standard methods"
    "PUT /weblogs/{ID}: Delete a weblog" "PUT" should be "DELETE"
(365) "few resources of your own" -> "few new resources"
(384) "their request" -> "the request"
(394) "popular response header" -> "popular request header"
(396) Second paragraph; "take the value of Expires should as a rough guide" -> "take the value of Expires as a rough guide".
(396) "described next" -> "described later"