- From: John Kemp <john@jkemp.net>
- Date: Tue, 02 Jun 2009 21:33:59 -0400
- To: Mark Nottingham <mnot@mnot.net>
- CC: HTTP Working Group <ietf-http-wg@w3.org>
Mark Nottingham wrote: > p2 7.2 currently says about OPTIONS: >> This method allows the client to >> determine the options and/or requirements associated with a resource, >> or the capabilities of a server, without implying a resource action >> or initiating a resource retrieval. > That sounds safe to me, From p2 7.1.1: "In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested." Which suggests to me that "safe" currently means that _only_ a retrieval operation takes place with safe methods. > but I don't see anywhere where this is said > explicitly. It seems to me that the definition of "safe" would then have to include operations which do not initiate a resource retrieval at all (eg. OPTIONS) > > The answer matters for things like redirection without user intervention > (assuming we keep that requirement). > > Proposal: Specify that OPTIONS is safe. By updating 7.1.1? Regards, - johnk > > Cheers, > > -- > Mark Nottingham http://www.mnot.net/ > >
Received on Wednesday, 3 June 2009 01:37:43 UTC