Re: Is OPTIONS Safe?

Yes, that's what I'm suggesting.


On 03/06/2009, at 11:33 AM, John Kemp wrote:

> Mark Nottingham wrote:
>> p2 7.2 currently says about OPTIONS:
>>> This method allows the client to
>>>   determine the options and/or requirements associated with a  
>>> resource,
>>>   or the capabilities of a server, without implying a resource  
>>> action
>>>   or initiating a resource retrieval.
>> That sounds safe to me,
> From p2 7.1.1:
> "In particular, the convention has been established that the GET and
> HEAD methods SHOULD NOT have the significance of taking an action
> other than retrieval.  These methods ought to be considered "safe".
> This allows user agents to represent other methods, such as POST, PUT
> and DELETE, in a special way, so that the user is made aware of the
> fact that a possibly unsafe action is being requested."
> Which suggests to me that "safe" currently means that _only_ a  
> retrieval operation takes place with safe methods.
>> but I don't see anywhere where this is said explicitly.
> It seems to me that the definition of "safe" would then have to  
> include operations which do not initiate a resource retrieval at all  
> (eg. OPTIONS)
>> The answer matters for things like redirection without user  
>> intervention (assuming we keep that requirement).
>> Proposal: Specify that OPTIONS is safe.
> By updating 7.1.1?
> Regards,
> - johnk
>> Cheers,
>> -- 
>> Mark Nottingham

Mark Nottingham

Received on Wednesday, 3 June 2009 02:24:07 UTC