andthennothing.net

Just an update to an entry I posted some days ago, where I ranted a bit and touched upon Ruby on Rails getting support for Javascript generated POSTs on links. I didn’t see the problem back then, but today I understand a tad more learning that Flickr had a serious defect with GETs.

Eric Costello provided this enlighting quote on the Flickr API mailing list from the HTTP/1.1 RFC:

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered “safe”. This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

That makes sense, but it wasn’t something that I was actively aware of (I’m not a web developer, so I’m not too embarrassed). If this advice was followed, the hoopla about Google Web Accelerator “prefetched” naughty pages such as “delete this post” in WordPress would never have happened.

But I’m still not sure why you would like links that works as POSTs. Are FORMs too cumbersome? Perhaps it’s a brilliant idea but I don’t understand enough of the problem yet — still learning.

Note to self: use POST (or PUT/DELETE) when the state is changed on the server!

Looking at today’s Daily WTF is amusing, where VBScript is used in a tad unnecessary way. Using VB/javascript for something as basic as links makes me cringe. A few years back I read a bit about ASP.NET because it was new and for some reason I have been interested in web development frameworks for quite a while. But I didn’t like it, mostly due to its usage of javascript for links (that’s at least how I remember it, although my memory might be failing me and ASP.NET might have changed since).

Nowadays, Ajax is all the rage, and javascript gains popularity. I think that Ajax, à la Gmail, is nice and might have the possibility to transform the web experience to some degree. But still, I don’t like relying on something fragile as javascript for something basic and fundamental as sending and receiving information. The simplicity of HTML and http is, if you ask me, one of the main reasons of the success of the web.

When Gmail first came into beeing, it didn’t work on browsers that didn’t support XMLHttpRequest. Nowadays there is also support for other browsers. Backpack is another Ajaxy web application that doesn’t support browsers such as Opera. That makes me little nervous since Backpack has been the driving force of the Ajax support in Ruby on Rails. I really like RoR so I hope it doesn’t take a wrong turn. Even though I don’t fully understand the problem, javascript generated POSTs on links seems wrong.

I’m all for experimenting with Ajax to enhance the user experience, but if the browser doesn’t support what you are trying to do, you should degrade gracefully. Everything else is soo 1998!