- From: Andrew Daviel <andrew@andrew.triumf.ca>
- Date: Wed, 2 Jul 1997 15:58:20 -0700 (PDT)
- To: Matthew Rubenstein <ruby@name.net>
- Cc: http-wg@cuckoo.hpl.hp.com
On Wed, 2 Jul 1997, Matthew Rubenstein wrote: > Submitting a <FORM> via GET is bad for several reasons. The insecurity of > the subsequent GET/HEAD/POST request's REFERER field containing information > intended to be private is an important consideration. It is also important > to realize that the info-encoded URL will likely be visible in the UA, in I think the convention is to use POST for submitting information and GET for queries (like search engines). POST results may not be cached; so if the result is a list of links, exploring several links in a simplistic manner may require re-posting the form data each time one goes back to the list - clearly an inefficient process. So GET is not always bad. Andrew (this was a real example from the IBM patent server, but I didn't investigate to check Expires headers, etc. Netscape 3.0 made me re-post)
Received on Wednesday, 2 July 1997 16:16:28 UTC