- From: Julian Reschke <julian.reschke@greenbytes.de>
- Date: Wed, 20 May 2015 08:41:11 +0200
- To: Wenbo Zhu <wenboz@google.com>
- CC: Philippe Mougin <pmougin@acm.org>, James M Snell <jasnell@gmail.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On 2015-05-20 08:37, Wenbo Zhu wrote: > ... > SEARCH can be safely retried, and some pieces of code already know that. > > Also: X-HTTP-Method-Override is a hack people used when they > couldn't use new methods (for some value of "new"). Why does *not* > using this hack feel to you like doing it? /me confused. > > SEARCH to me is like a POST, i.e. to make a function call against a > resource. This is what I was suggesting (or voting) ... Well, it's not. One obvious difference is that it already is defined to be safe. > GET with a body: to ensure no server will ignore the body, could we > expect the client to generate a unique token in the URL? Also, I > think > > > a) How is this supposed to work? b) Even if it did, how is mangling > things into the URL ever a good idea? > > To address the concern that a server that does not look at the GET body > may return an unfiltered resource based on just the URL. I still don't see how this affect existing code. > ... > Yes, if you rewrite all components that currently do not expect GET > with bodies. > > If we can address the safety issue, then I believe GET + body > complicates the Web less than introducing a new method like SEARCH > (whose use cases overlaps with GET in many ways), IMHO. SEARCH is not a new method. The proposal is about extending it to make it useful outside WebDAV. Best regards,Julian
Received on Wednesday, 20 May 2015 06:41:36 UTC