W3C home > Mailing lists > Public > www-tag@w3.org > April 2002

RE: draft findings on Unsafe Methods (whenToUseGet-7)

From: Larry Masinter <LMM@acm.org>
Date: Tue, 16 Apr 2002 18:39:37 -0700
To: "'Dan Connolly'" <connolly@w3.org>, <www-tag@w3.org>
Message-ID: <009801c1e5b0$bc45a450$71432099@larrypad>
I'm going to repeat my point in a different way. I think
the conclusion is nonsense, because it is based on
incorrect reasoning. 

"GET/HEAD should be safe" does not imply
"all safe applications should use GET/HEAD".

It isn't sufficient to cause the latter statement
to be a "fundamental principle of the web" merely
by assertion. ("Because DC said it was so.")

In particular, there are other reasons for using POST,
namely that GET does not take a body, and trying to add
a body to GET requests would introduce significant
incompatibility. A "safe" operation which also involves
file upload, for example, should not encode the file
data in the URL.

The HTTP working group's conclusion on this topic over
a significant amount of discussion was that, if we
wanted to do anything about this, we should add the
"Safe:" result header. However, there was no consensus
that there was any desire to know whether POST methods
were Safe or not, so RFC 2310 remains as "Experimental".
Received on Tuesday, 16 April 2002 21:40:47 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:06 GMT