Now I kind of GET it

posted Tue, 24 May 2005 23:37:00 GMT by Jonas Bengtsson

Just an update to an entry I posted some days ago, where I ranted a bit and touched upon Ruby on Rails getting support for JavaScript-generated POSTs on links. I didn’t see the problem back then, but today I understand a tad more, having learned that Flickr had a serious defect with GETs.

Eric Costello provided this enlightening quote on the Flickr API mailing list from the HTTP/1.1 RFC:

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered “safe”. This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

That makes sense, but it wasn’t something that I was actively aware of (I’m not a web developer, so I’m not too embarrassed). If this advice had been followed, the hoopla about Google Web Accelerator having “prefetched” naughty pages such as “delete this post” in WordPress would never have happened.

But I’m still not sure why you would like links that work as POSTs. Are FORMs too cumbersome? Perhaps it’s a brilliant idea but I don’t understand enough of the problem yet — still learning.

Note to self: use POST (or PUT/DELETE) when the state is changed on the server!
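
The prefetching problem described above, as an added example that is not part of the original post: a constructed two-post blog served by a Rack-style lambda (no gems), once with a GET "delete" link and once with a POST-only form, and a link prefetcher run against each. All names, routes and sample data here are assumptions made for illustration.

```ruby
# Constructed demo: a Rack-style app as a plain lambda, plus a link prefetcher.
SAFE_METHODS = %w[GET HEAD].freeze

# unsafe_get: true  -> "delete" is an <a href> and GET changes server state.
# unsafe_get: false -> "delete" is a POST form and GET/HEAD get 405.
def build_app(posts, unsafe_get:)
  lambda do |env|
    method = env['REQUEST_METHOD']
    path = env['PATH_INFO']
    if path == '/'
      html = posts.keys.map do |id|
        url = "/posts/#{id}/delete"
        if unsafe_get
          %(<a href="#{url}">delete</a>)
        else
          %(<form method="post" action="#{url}"><button>delete</button></form>)
        end
      end
      next [200, { 'Content-Type' => 'text/html' }, [html.join("\n")]]
    end
    match = %r{\A/posts/(\d+)/delete\z}.match(path)
    next [404, {}, ['not found']] unless match
    if SAFE_METHODS.include?(method) && !unsafe_get
      # Safe methods must not take an action: refuse and advertise POST.
      next [405, { 'Allow' => 'POST' }, ['method not allowed']]
    end
    posts.delete(match[1].to_i)
    [303, { 'Location' => '/' }, []]
  end
end

# Behaves like an accelerator: GETs the index, then GETs every href it finds.
def prefetch(app)
  _, _, body = app.call('REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/')
  body.join.scan(/href="([^"]+)"/).flatten.map do |href|
    app.call('REQUEST_METHOD' => 'GET', 'PATH_INFO' => href).first
  end
end

def run_demo(unsafe_get:)
  posts = { 1 => 'hello', 2 => 'world' } # constructed sample data
  app = build_app(posts, unsafe_get: unsafe_get)
  { statuses: prefetch(app), remaining: posts.keys }
end

if __FILE__ == $PROGRAM_NAME
  puts "GET delete links: #{run_demo(unsafe_get: true)}"
  puts "POST-only delete: #{run_demo(unsafe_get: false)}"
end
```
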
