Re: spec review: ping attribute

On Oct 27, 2007, at 19:12, Julian Reschke wrote:

> Geoffrey Sneddon wrote:
>> Having read this entire thread, I don't see why anything is  
>> actually wrong. In this context the difference between GET and  
>> POST is negligible  both can technically be used to do what is  
>> desired, though using GET would be breaking RFC 2616 (or rather,  
>> breaking a SHOULD NOT). If we
>
> No, sorry, that's incorrect.
>
> If you want to do something silently (without the user's consent),  
> you simply have to use a safe method.

So would you ban XHR POST and script-initiated form submissions?

The ping attribute does have the same security risks that cross- 
domain XHR POST with empty entity body would have if the access- 
control Method-Check weren't there. That is, if a POST handler has  
been programmed to trigger stuff on mere POST without a body, a  
malicious ping attribute could be used to trigger that action.

> And if you consider the desired effect non-safe (which I don't),  
> then the consequence is that you just can't do it.

It is about idempotent vs. non-idempotent and side effects.

If you are counting ad impressions, clearly you don't want to
  a) count Google Web Accelerator (or similar) prefetches
  b) leave impressions uncounted due to an intermediate cache  
satisfying the request.

-- 
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/

Received on Sunday, 28 October 2007 09:57:36 UTC