- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 26 Oct 2007 14:04:31 +0200
- To: HTML WG <public-html@w3.org>
Hi, I was previously aware of a/@ping, but today I had a closer look at <http://www.w3.org/html/wg/html5/#hyperlink0>, currently stating: "For URIs that are HTTP URIs, the requests must be performed using the POST method (with an empty entity body in the request). User agents must ignore any entity bodies returned in the responses, but must, unless otherwise specified by the user, honour the HTTP headers — in particular, HTTP cookie headers. [RFC2965]" I'd like to understand why POST was selected for that. POST is an unsafe method, and it shouldn't be sent without the consent of the user -- in particular not if the target is on a different server. Thus: - please make it default to be invalid when on a different server, and - choose a safe HTTP method, such as GET/HEAD (and yes, caching can be disabled through Cache-Control). The spec continues with: "When the ping attribute is present, user agents should clearly indicate to the user that following the hyperlink will also cause secondary requests to be sent in the background, possibly including listing the actual target URIs." This is good, but it's probably not clear enough -- at least FF3 is ignoring this. Best regards, Julian
Received on Friday, 26 October 2007 12:04:49 UTC