W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2006

Re: Extension methods & XMLHttpRequest

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 12 Jun 2006 21:19:45 +0200
Message-ID: <448DBE51.8040207@gmx.de>
To: Jamie Lokier <jamie@shareable.org>
CC: "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>

Jamie Lokier schrieb:
> Julian Reschke wrote:
>> Jamie Lokier schrieb:
>>> ...
>>> In particular as you raise the point of POST requiring "user
>>> intervention", if there is really is a need for user intervention the
>>> recommendation ought to give guidance on what that means.
>>> ...
>> I guess what it means is that a user agent should not send a POST 
>> request unless the user has clicked on a button (something that stands 
>> out from a regular link). That's also why allowing form.submit or 
>> XHR.send() from within a script running "onload" is problematic.
> 
> What about a web-based instant messaging client, where the user types
> some text and it must be relayed to the server as it is typed, perhaps
> character by character?
> 
> There are basically two ways to do a "web application" like that now:
> GET or POST with client-side scripts.
> 
> My reading of the HTTP spec. says that POST should be used for those
> messages, because it's not fetching a resource, it's sending data to a
> resource to be processed.
> 
> In practice of course, the author will use whatever works, which often
> has to be GET for technical reasons.

Of course I'm not suggesting to use GET instead of POST (in case anybody 
thought that :-).

A key press *is* a user interaction, so sending a POST upon pressing a 
key doesn't seem to be a problem to me.

What I'm concerned with is people following a link, opening a web page, 
and a script doing a POST without *any* further user interaction.

Best regards, Julian
Received on Monday, 12 June 2006 19:19:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:44 GMT