W3C home > Mailing lists > Public > www-archive@w3.org > July 2008

please use http POST to confirm accounts

From: Gerald Oskoboiny <gerald@impressive.net>
Date: Thu, 10 Jul 2008 14:44:13 -0700 (PDT)
Message-ID: <f8f63674-0a3f-4e87-b314-88064a650d90@r66g2000hsg.googlegroups.com>
To: FriendFeed <friendfeed@googlegroups.com>
Cc: www-archive@w3.org

Hi,

I just signed up for a FriendFeed account and when I clicked on the
link to verify my email address it automatically confirmed my account.

Instead of confirming the account immediately you should display a
short web form that the user must POST to confirm; using HTTP GET for
this violates the HTTP and HTML standards.

Further reading on GET vs POST:

    URIs, Addressability, and the use of HTTP GET and POST
    http://www.w3.org/2001/tag/doc/whenToUseGet.html

    Forms: GET and POST
    http://www.w3.org/Provider/Style/Input

    Axioms of Web architecture: Identity, State and GET
    http://www.w3.org/DesignIssues/Axioms#state

    HTTP 1.1 section 9.1: Safe and Idempotent Methods
    http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1

    HTML 4.01 section 17.13: Form submission
    http://www.w3.org/TR/html4/interact/forms.html#h-17.13

thanks!
Received on Thursday, 10 July 2008 22:34:22 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 7 November 2012 14:18:18 GMT