- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Mon, 12 Jun 2006 21:19:45 +0200
- To: Jamie Lokier <jamie@shareable.org>
- CC: "Roy T. Fielding" <fielding@gbiv.com>, HTTP Working Group <ietf-http-wg@w3.org>
Jamie Lokier schrieb: > Julian Reschke wrote: >> Jamie Lokier schrieb: >>> ... >>> In particular as you raise the point of POST requiring "user >>> intervention", if there is really is a need for user intervention the >>> recommendation ought to give guidance on what that means. >>> ... >> I guess what it means is that a user agent should not send a POST >> request unless the user has clicked on a button (something that stands >> out from a regular link). That's also why allowing form.submit or >> XHR.send() from within a script running "onload" is problematic. > > What about a web-based instant messaging client, where the user types > some text and it must be relayed to the server as it is typed, perhaps > character by character? > > There are basically two ways to do a "web application" like that now: > GET or POST with client-side scripts. > > My reading of the HTTP spec. says that POST should be used for those > messages, because it's not fetching a resource, it's sending data to a > resource to be processed. > > In practice of course, the author will use whatever works, which often > has to be GET for technical reasons. Of course I'm not suggesting to use GET instead of POST (in case anybody thought that :-). A key press *is* a user interaction, so sending a POST upon pressing a key doesn't seem to be a problem to me. What I'm concerned with is people following a link, opening a web page, and a script doing a POST without *any* further user interaction. Best regards, Julian
Received on Monday, 12 June 2006 19:19:58 UTC