Re: REPOST (was: HTTP working group status & issues) from Koen Holtman on 1996-10-09 (ietf-http-wg@w3.org from October to December 1996)

From: Koen Holtman <koen@win.tue.nl>
Date: Wed, 9 Oct 1996 10:48:13 +0200 (MET DST)
To: "Roy T. Fielding" <fielding@liege.ICS.UCI.EDU>
Cc: koen@win.tue.nl, MACRIDES@sci.wfbr.edu, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <199610090848.KAA07556@wsooti15.win.tue.nl>

Roy T. Fielding:
>
  [Koen:]
>>  I have been thinking about writing a `safe: yes'
>> mini-ID in case nobody else volunteers, but would like to see the
>> `rel=source' issue settled first.
>
>Your objection was that returning a safe URL for the redo, as opposed
>to an indication that the form data is safe to be reposted, is too much
>of a burden on CGI authors.

Yes, that was my main objection.

>My response is that I don't care -- CGI authors will need to do at least
>that much work, if not more, to ensure that the POST action is indeed
>safely repost-able,

Nonsense.  Many POST actions are safe by nature, and if POST is to be
used for i18n, many more will be.  Examples are POSTs to search
engines and to HTML checkers with a forms interface.

[....]
>The side benefit is the definition
>and implementation of various forms of Link, which is something we need
>for almost every major enhancement currently under discussion for the Web
>(collaboration, annotation, link maintenance, style sheets, ...).

I care little about the side benefits on the status of Link.  I want
something which promotes i18n, and `safe: yes' is better at that.

>I have no interest in discussing any lesser issue 

I don't think i18n is a lesser issue.

>-- my only purpose in
>discussing this one was to inform folks on the variety of ways that
>were already defined to do the same thing.

So tell me where to look for the existing definition of `rel=source',
like I asked.  I might even copy it into the `safe: yes' ID.

[....]
>I don't see any reason to standardize something that is no more than a
>midnight hack, at least until someone convinces the midnight hackers
>out there to implement it.  Either way, it isn't something I'm willing
>to spend time on, nor is it necessary for me, or even the IETF, to approve
>of something before it is implemented in practice.

_Some_ headers can be deployed without IETF action, but `safe: yes' is
not one of them.  As long as `safe: yes' is not approved by the IETF,
any browser which uses it as a license to treat a POST as safe would
be clearly non-conformant to the 1.1 protocol.

>Cheers,
>
> ...Roy T. Fielding

Koen.

Received on Wednesday, 9 October 1996 02:03:11 UTC