W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: Proposal: Is OPTIONS Safe? [#171]

From: Julian Reschke <julian.reschke@gmx.de>
Date: Mon, 27 Jul 2009 16:39:34 +0200
Message-ID: <4A6DBC26.1060900@gmx.de>
To: Mark Nottingham <mnot@mnot.net>
CC: HTTP Working Group <ietf-http-wg@w3.org>
Mark Nottingham wrote:
> No objections, and I note that 2616 already says in 9.1.2:
> 
> "Also, the methods OPTIONS and TRACE SHOULD NOT have side effects, and 
> so are inherently idempotent."
> 
> Julian, please go ahead.
> ...

OK, the simplest way to fix this is to add OPTIONS and TRACE to the 
enumeration in P2, 7.1.1, so that it becomes:

    In particular, the convention has been established that the GET,
    HEAD, OPTIONS, and TRACE methods SHOULD NOT have the significance of
    taking an action other than retrieval.  These methods ought to be
    considered "safe".  This allows user agents to represent other
    methods, such as POST, PUT and DELETE, in a special way, so that the
    user is made aware of the fact that a possibly unsafe action is being
    requested.

(see 
<http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/171/171.diff>).

An alternative requiring more work would be to add statements about 
safeness and idempotency to each method description.

In the absence of feedback I'll proceed with the simple solution soonish.

BR, Julian
Received on Monday, 27 July 2009 14:40:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:08 GMT