- From: Henrik Frystyk Nielsen <frystyk@w3.org>
- Date: Mon, 19 Jun 1995 14:18:41 -0400
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, dwm@shell.portal.com
> It seems to me that default should be to inherit the method. Then define > an option to alter the method. (is that '303 Method'?). There should > probably be a SAFE set of method changes which the UA could simply > perform (POST -> (GET | HEAD) and others which would require the > end user to approve (* -> DELETE) some or all of the time. Even > inheriting the METHOD might require approval on some re-directs. In my opinion any change in the conditions for a non-idempotent method should be advertised to the user, including redirections. > Alternatively, the server(s) which did the redirect might be > identified to the server receiving the redirected request.. I'm > beginning to sense some real security nightmares best left to the > next version of the standard for carefully thoughout specification. That's why I think that it actually is easier to have a separate status code for when the method has changed. Then (old) clients will not accidently do the wrong thing. -- Henrik Frystyk frystyk@W3.org World-Wide Web Consortium, Tel + 1 617 258 8143 MIT/LCS, NE43-356 Fax + 1 617 258 8682 77 Massachusetts Avenue Cambridge MA 02154, USA
Received on Monday, 19 June 1995 11:23:01 UTC