Hi, I just signed up for a Google Groups account, and noticed that the signup process violates the HTTP protocol. The message I received (attached) said: > You are receiving this email because you have signed up to post to > Usenet through Google Groups. Please visit the following URL to verify > that we have your correct email address: > > http://posting.google.com/post/v-4ea9asdfasdfasdf/ > > Clicking on the link above will activate your account; you will then be > able to begin posting. Thank you for using Google Groups! and when I accessed that link, it automatically confirmed my account. This violates the HTTP protocol; retrieving a URI (i.e., an HTTP GET) should not have side effects like confirming a registration; you should use HTTP POST for that. Further reading on GET vs POST: Forms: GET and POST http://www.w3.org/Provider/Style/Input Axioms of Web architecture: Identity, State and GET http://www.w3.org/DesignIssues/Axioms#state HTTP 1.1 section 9.1: Safe and Idempotent Methods http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1 HTML 4.01 section 17.13: Form submission http://www.w3.org/TR/html4/interact/forms.html#h-17.13 -- Gerald Oskoboiny <gerald@impressive.net> http://impressive.net/people/gerald/
attached mail follows:
You are receiving this email because you have signed up to post to Usenet through Google Groups. Please visit the following URL to verify that we have your correct email address: http://posting.google.com/post/v-4ea9asdfasdfasdf/ Clicking on the link above will activate your account; you will then be able to begin posting. Thank you for using Google Groups! Your login: gerald@impressive.net Sincerely, The Google Team If you have not requested this account please ignore this email.Received on Friday, 19 October 2001 17:42:37 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 July 2008 08:08:28 GMT