Re: Proposed HTTP SEARCH method update

On 2015-05-20 08:37, Wenbo Zhu wrote:
> ...
>     SEARCH can be safely retried, and some pieces of code already know that.
>     Also: X-HTTP-Method-Override is a hack people used when they
>     couldn't use new methods (for some value of "new"). Why does *not*
>     using this hack feel to you like doing it? /me confused.
> SEARCH to me is like a POST, i.e. to make a function call against a
> resource. This is what I was suggesting (or voting) ...

Well, it's not. One obvious difference is that it already is defined to 
be safe.

>         GET with a body: to ensure no server will ignore the body, could we
>         expect the client to generate a unique token in the URL? Also, I
>         think
>     a) How is this supposed to work? b) Even if it did, how is mangling
>     things into the URL ever a good idea?
> To address the concern that a server that does not look at the GET body
> may return an unfiltered resource based on just the URL.

I still don't see how this affect existing code.

> ...
>     Yes, if you rewrite all components that currently do not expect GET
>     with bodies.
> If we can address the safety issue, then I believe GET + body
> complicates the Web less than introducing a new method like SEARCH
> (whose use cases overlaps with GET in many ways), IMHO.

SEARCH is not a new method. The proposal is about extending it to make 
it useful outside WebDAV.

Best regards,Julian

Received on Wednesday, 20 May 2015 06:41:36 UTC