Re: REPOST (was: HTTP working group status & issues) from Roy T. Fielding on 1996-10-09 (ietf-http-wg@w3.org from October to December 1996)

From: Roy T. Fielding <fielding@liege.ICS.UCI.EDU>
Date: Tue, 08 Oct 1996 18:30:52 -0700
To: Koen Holtman <koen@win.tue.nl>
Cc: Foteos Macrides <MACRIDES@sci.wfbr.edu>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9610081830.aa28078@paris.ics.uci.edu>

>>        It might be better, then, if Roy and Koen finished their
>>discussion of what we have term the "rel=source alternative",
> 
> I too have been waiting for Roy (or Larry) to comment on my objections
> to rel=source.  I have been thinking about writing a `safe: yes'
> mini-ID in case nobody else volunteers, but would like to see the
> `rel=source' issue settled first.

Your objection was that returning a safe URL for the redo, as opposed
to an indication that the form data is safe to be reposted, is too much
of a burden on CGI authors.

My response is that I don't care -- CGI authors will need to do at least
that much work, if not more, to ensure that the POST action is indeed
safely repost-able, and having them actually decode the semantics of
the original request is the best way to ensure that.  Lazy CGI developers
create security holes and protocol meltdown, so I have no desire to
coddle to their needs.  People who don't want to do the work can just
live with the annoying "do you really want to repost this form?" query --
there is no loss of functionality.  The side benefit is the definition
and implementation of various forms of Link, which is something we need
for almost every major enhancement currently under discussion for the Web
(collaboration, annotation, link maintenance, style sheets, ...).

I have no interest in discussing any lesser issue -- my only purpose in
discussing this one was to inform folks on the variety of ways that
were already defined to do the same thing.  Once you know what options
are available, there's not much else I can contribute to the discussion.

I don't see any reason to standardize something that is no more than a
midnight hack, at least until someone convinces the midnight hackers
out there to implement it.  Either way, it isn't something I'm willing
to spend time on, nor is it necessary for me, or even the IETF, to approve
of something before it is implemented in practice.

Cheers,

 ...Roy T. Fielding
    Department of Information & Computer Science    (fielding@ics.uci.edu)
    University of California, Irvine, CA 92697-3425    fax:+1(714)824-4056
    http://www.ics.uci.edu/~fielding/

Received on Tuesday, 8 October 1996 18:36:04 UTC