Re: Zero-edits Counter Proposal for Issues 1 and 2 (Ping) from Maciej Stachowiak on 2010-02-17 (public-html@w3.org from February 2010)

From: Maciej Stachowiak <mjs@apple.com>
Date: Wed, 17 Feb 2010 14:57:46 -0800
To: Jonas Sicking <jonas@sicking.cc>
Cc: Julian Reschke <julian.reschke@gmx.de>, "Tab Atkins Jr." <jackalmage@gmail.com>, public-html@w3.org
Message-id: <E328D46F-18CC-4D79-BCFF-FDC8D28FD1ED@apple.com>

On Feb 17, 2010, at 1:25 PM, Jonas Sicking wrote:

> On Wed, Feb 17, 2010 at 7:41 AM, Julian Reschke  
> <julian.reschke@gmx.de> wrote:
>> On 17.02.2010 16:30, Tab Atkins Jr. wrote:
>>
>> <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.9.1.1>:
>>
>> "9.1.1 Safe Methods
>>
>> Implementors should be aware that the software represents the user  
>> in their
>> interactions over the Internet, and should be careful to allow the  
>> user to
>> be aware of any actions they might take which may have an unexpected
>> significance to themselves or others.
>>
>> In particular, the convention has been established that the GET and  
>> HEAD
>> methods SHOULD NOT have the significance of taking an action other  
>> than
>> retrieval. These methods ought to be considered "safe". This allows  
>> user
>> agents to represent other methods, such as POST, PUT and DELETE, in a
>> special way, so that the user is made aware of the fact that a  
>> possibly
>> unsafe action is being requested.
>>
>> Naturally, it is not possible to ensure that the server does not  
>> generate
>> side-effects as a result of performing a GET request; in fact, some  
>> dynamic
>> resources consider that a feature. The important distinction here  
>> is that
>> the user did not request the side-effects, so therefore cannot be  
>> held
>> accountable for them."
>>
>> Note the last paragraph - what's relevant is whether the *user* is
>> requesting side-effects; and this is *clearly* not the case when  
>> navigating
>> to another document.
>
> The fact that the HTTP spec mandates UI is a really bad idea.

The section above is just advice (there's no actual requirement on  
user agents).

But HTTP does have a MUST-level UI requirement on user agents relating  
to this, specifically when redirecting an unsafe method. I raised this  
objection with the HTTPbis WG: <http://lists.w3.org/Archives/Public/ietf-http-wg/2010JanMar/0170.html 
 >

It seems like some people disagreed that this should change, and some  
agreed. I'm not entirely sure what's the next step in the HTTPbis WG's  
process. You're welcome to post on teh thread if you have input.

Regards,
Maciej

Received on Wednesday, 17 February 2010 22:58:22 UTC