W3C home > Mailing lists > Public > public-html@w3.org > February 2010

Re: CfC: Adopt ISSUE-1 PINGUI / ISSUE-2 PINGPOST Change Proposal to remove @ping from HTML5

From: Jonas Sicking <jonas@sicking.cc>
Date: Tue, 23 Feb 2010 20:08:38 -0800
Message-ID: <63df84f1002232008g322015epf543b76cc8a3adb8@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: "public-html@w3.org WG" <public-html@w3.org>
On Tue, Feb 23, 2010 at 7:48 PM, Maciej Stachowiak <mjs@apple.com> wrote:
>
> On Feb 23, 2010, at 7:27 PM, Jonas Sicking wrote:
>
>> On Tue, Feb 23, 2010 at 6:38 PM, Maciej Stachowiak <mjs@apple.com> wrote:
>>>
>>> The original Change Proposal for these two issues proposed removing the
>>> <a
>>> ping> attribute and associated hyperlink auditing feature. Although we
>>> had a
>>> counter-proposal, we now seem to have consensus that it is ok to drop
>>> this
>>> feature from HTML5. Thus, we should adopt the Change Proposal to remove
>>> the
>>> feature. The feature could still be proposed again for a later issue of
>>> HTML, or the issue could be re-raised if new information is provided
>>> (such
>>> as implementation experience  or server-side deployment experience.)
>>>
>>> If there are no objections, these two issues will be closed on March 2,
>>> 2010.
>>>
>>> http://dev.w3.org/html5/status/issue-status.html#ISSUE-001
>>> http://www.w3.org/html/wg/tracker/issues/1
>>> http://dev.w3.org/html5/status/issue-status.html#ISSUE-002
>>> http://www.w3.org/html/wg/tracker/issues/2
>>
>> My understanding is that one of the objections to keeping @ping in the
>> spec is that HTTP requires that POST requests are not made by the UA
>> unless this has been made clear to the user that this is happening.
>> I.e. that the HTTP spec requires some type of UI. And since @ping will
>> use a UI very similar to "ping less" links, this would then be counter
>> to the requirements in the HTTP spec.
>
> As far as I am aware, HTTP has no such UI requirement for initial requests,
> only for redirects. It does have some non-normative advice on the
> non-redirect case but no actual requirements for UAs.
>
>> Is this a correct understanding? The question is directed towards the
>> people that have been arguing for @ping to be removed from HTML5.
>>
>> If a future version of HTTP, such as the in progress HTTPbis, was
>> released and removed this UI requirement, would that remove that
>> specific objection?
>
> I don't think that argument was ever grounded in what the HTTP spec actually
> requires, but perhaps its proponents could clarify that position.

Some quotes from the change proposal:

]] Also, as described in ISSUE-1, ping's use of POST causes an
unsafe method to be used in response to a safe activation request,
in violation of the method constraints that have been part of
Web architecture since 1992. [[

]] clicking on a link (or a spider wandering
around) must be translated into a safe network action because to do
otherwise would require every user to know the purpose of every
resource before the GET.  It follows, therefore, that the UI for a
user action that is safe (a link) must be rendered differently from
all other actions that might be unsafe [[

]] In short, if the UI is being presented as a normal link, then the
HTTP methods resulting from the user's selection must all be safe
(GET/HEAD/OPTIONS/etc.) [[

(I hope I'm not quoting out of context somehow, everyone is encouraged
to read the change proposal at
http://lists.w3.org/Archives/Public/public-html/2009Dec/0183.html)

/ Jonas
Received on Wednesday, 24 February 2010 04:09:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:17:02 GMT