- From: Larry Masinter <masinter@parc.xerox.com>
- Date: Sun, 15 Aug 1999 17:04:42 PDT
- To: "Jim Whitehead" <ejw@ics.uci.edu>, "John Stracke" <francis@ecal.com>, "WebDAV WG" <w3c-dist-auth@w3.org>
> Since some systems allow GET to perform non-safe, non-idempotent operations > via URL munging (e.g., http://www.docmgmtsys.com/doc-guid;action=CHECKOUT) > it seems to me the best a spec. can do is state what the intended behavior > is wrt safety and idempotence, and assume that people won't break it without > a very good reason. Yes, PROPFIND SHOULD be safe and idempotent, and PROPPATCH SHOULD be idempotent, under the sense of SHOULD (from RFC 2119): 3. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course. in the same way that HTTP 1.1 identifies this for GET and HEAD in RFC 2616: In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested. Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them. ....
Received on Sunday, 15 August 1999 20:05:01 UTC