W3C home > Mailing lists > Public > public-html@w3.org > February 2010

Re: Zero-edits Counter Proposal for Issues 1 and 2 (Ping)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 17 Feb 2010 15:18:15 +0100
Message-ID: <4B7BFAA7.4050901@gmx.de>
To: "Tab Atkins Jr." <jackalmage@gmail.com>
CC: public-html@w3.org
On 15.02.2010 16:48, Tab Atkins Jr. wrote:
> ...
>> Also, as described in ISSUE-1, ping's use of POST causes an
>> unsafe method to be used in response to a safe activation request,
>> in violation of the method constraints that have been part of
>> Web architecture since 1992.
> POST is the correct method to use to reflect @ping's semantics.
> ...

It's not! It is!

Not helpful.

Citing Roy again:

"The actions generated by a user agent should be consistent
with the actions selected by the user.  That is why TimBL had an axiom
about GET being safe -- clicking on a link (or a spider wandering
around) must be translated into a safe network action because to do
otherwise would require every user to know the purpose of every
resource before the GET.  It follows, therefore, that the UI for a
user action that is safe (a link) must be rendered differently from
all other actions that might be unsafe.

In short, if the UI is being presented as a normal link, then the
HTTP methods resulting from the user's selection must all be safe
(GET/HEAD/OPTIONS/etc.).  While some user agents may already fail
to protect the user in that regard, that is not an excuse to add
another broken feature to the standard. Implementors are responsible
for their own implementations.  We are only responsible for the
standards by which those implementations are judged broken."

So, *if* you want to "ping" a server, better use a method defined to be 
safe. BTW: this doesn't rule out defining a new method.

 > ...

Best regards, Julian
Received on Wednesday, 17 February 2010 14:18:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:02 GMT