- From: Thomas Broyer <t.broyer@gmail.com>
- Date: Thu, 8 Nov 2007 09:08:31 +0100
- To: public-html@w3.org
2007/11/8, Mark Baker: > > Consider that when my Web server receives GET requests, it logs > (appends) a record of that in a log file. Does that make the message > non-idempotent and non-safe? No, of course not, because GET messages > are safe by *definition*. It does make the implementation both those > things though. But there's a huge difference here. When your Web server receives a GET request, I suppose the message intent is to retrieve a resource (idempotent), the server is free to log the request and/or update other resources, etc. as long as there is no direct incidence on the retrieved resource. With ping="", the "log" is differentiated from the retrieval (it'll generally belong to a third server). When the user follows the link, there are two messages sent: one to retrieve the resource (idempotent) and one to "track the click", whatever the user's intent. This second message is by definition non-idempotent. The problem enlighten in this thread is generally-speaking a UI one: if a non-safe (non-idempotent) action has to be taken, it should be somehow "approved" by the end-user. Take a look at what browsers are doing: when you first use a <form method=POST> the browser tells you you're about to send information to a server and asks you whether you're OK to continue. The dialog-box contains a check-box allowing you to configure the browser to not prompt you next time you use a <form method=POST>. So AFAIUI, browsers are correctly implementing the HTTP spec, contrary to what has been said in this thread. So, why couldn't it be the same with ping-enabled links? The first time the user clicks such a link, the browser tells her she's about to tell a tier she's following this link, that this could be used to remunerate one or both the parties involved, make statistics, etc. and asks her whether she's OK to do the ping; with an option (check-box) to configure the browser not to prompt her the next time she clicks a ping-enabled link. In brief: I'm fine with using POST for pings and I don't think it violates any HTTP principle (as long as the user first give her assent). -- Thomas Broyer
Received on Thursday, 8 November 2007 08:08:39 UTC