- From: Kyle Rose <krose@krose.org>
- Date: Thu, 28 Sep 2017 19:33:13 -0400
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Wed, Sep 27, 2017 at 8:57 PM, Martin Thomson <martin.thomson@gmail.com> wrote: > On Thu, Sep 28, 2017 at 10:50 AM, Mark Nottingham <mnot@mnot.net> wrote: >> I prefer the current text in the draft; it's aligned with and refers to 7231. > > I can certainly live with that if others can. The section of the HTTP/1.1 standard Mark referenced uses the language "the client does not request, and does not expect, any state change on the origin server as a result of applying a safe method to a target resource", and in the next paragraph clarifies that this judgment must be made by the client alone, presumably because it has no way of knowing what the server is actually doing, and that "the client did not request that additional behavior and cannot be held accountable for it". In this case, the origin server knows (or could know) what the effects of the request are, so the two situations are different. ISTM also that "state-changing side effects" can easily be construed to include logs, TCP state, etc., so the same objection seems to apply here. That said, I fear any language here will either be too specific and therefore wrong, or too general and therefore permit some undesirable origin server behavior. Kyle
Received on Thursday, 28 September 2017 23:33:37 UTC