Re: don't use POST for big GET [was: Dictionaries in HTML ] from Jeffrey Mogul on 1996-02-09 (ietf-http-wg@w3.org from January to March 1996)

From: Jeffrey Mogul <mogul@pa.dec.com>
Date: Fri, 09 Feb 96 11:07:23 PST
To: "Roy T. Fielding" <fielding@avron.ICS.UCI.EDU>
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <9602091907.AA07616@acetes.pa.dec.com>

    >> (A) We really need to specify either a maximum length for URLs,
    >> or that there is no such maximum.  The current situation allows
    >> for non-interoperable assumptions.
    > 
    > I have this down as an issue for the HTTP/1.0 document, as soon as
    > we can decide what the reasonable length limit is.
    
    No, absolutely not, and under no condition will that ever be acceptable
    to me as an implementor of HTTP systems.  It is backwards thinking.

Since I was the person who wrote "(A)" above, I think you have probably
misconstrued what I wrote.  I was NOT arguing in favor of a maximum
limit.  

What *I* think is absolutely unacceptable is that the current I-D
(as far as I can tell), does not specify whether there is a maximum
or not.  This can lead to an interoperable situation, where one
implementor assumes that there is no maximum, and another decides
to set a maximum that seems "reasonable" but is in fact too small.

In fact, it not only can happen, it *does* happen.  I've run across
it with a popular on-line service's browser and a popular search
engine's GET-based form.

My own preference is that the spec unamibiguously state that
    All client and proxy implementations MUST be able to handle a URL
    of any finite length (perhaps with a note that servers should be
    cautious about depending on lengths above 255 bytes).  Servers MUST
    be able to handle any URL that they explicitly provide (of course!)
    and SHOULD be able to handle URLs of unbounded length if they
    provide GET-based forms that can generate such URLs.
We should probably also recommend that form authors be cautious about
creating forms that would result in GET URLs above some limit (e.g.,
255 bytes), given that the world is not perfect.  But that might
be something for the HTML spec, rather than the HTTP spec?

    The maximum length of a URL is whatever the server wants it to be.

This is true but unless we specifically consider the case of
GET-based forms, it is not well-defined.  As far as I can tell,
there is no mechanism in HTML (and certainly none in HTTP) that
allows the server to tell a browser how to limit the size of
certain form elements (such as TEXTAREA), and perhaps that needs
fixing.

-Jeff

Received on Friday, 9 February 1996 11:19:58 UTC