W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: Is OPTIONS Safe?

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Mon, 15 Jun 2009 15:25:27 +0200
To: Julian Reschke <julian.reschke@gmx.de>
Cc: Mark Nottingham <mnot@mnot.net>, John Kemp <john@jkemp.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1245072327.5797.24.camel@localhost.localdomain>
ons 2009-06-03 klockan 07:28 +0200 skrev Julian Reschke:
> Mark Nottingham wrote:
> > Yes, that's what I'm suggesting.
> > 
> > Cheers,
> We already state that in Part 2, Section 10.1, but that is only the IANA 
> registration 
> (<http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-06.html#rfc.section.10.1>)...
> So yes, the method description should state that as well.
> What about TRACE then (which is the 4th candidate)?


All methods which should not have any noticeable side effects is safe. 

TRACE by definition never should have side effects, nor should OPTIONS.

GET/HEAD should not have side effects, but often have anyway, but that's
besides the point. A server which barfs in some way if it gets the exact
same GET/HEAD request twice is technically not HTTP compliant, but in
reality nobody is going to care much about that.

Received on Monday, 15 June 2009 13:26:06 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 1 October 2015 05:36:34 UTC