Re: CfC: Adopt ISSUE-1 PINGUI / ISSUE-2 PINGPOST Change Proposal to remove @ping from HTML5

On Tue, Feb 23, 2010 at 7:48 PM, Maciej Stachowiak <> wrote:
> On Feb 23, 2010, at 7:27 PM, Jonas Sicking wrote:
>> On Tue, Feb 23, 2010 at 6:38 PM, Maciej Stachowiak <> wrote:
>>> The original Change Proposal for these two issues proposed removing the
>>> <a
>>> ping> attribute and associated hyperlink auditing feature. Although we
>>> had a
>>> counter-proposal, we now seem to have consensus that it is ok to drop
>>> this
>>> feature from HTML5. Thus, we should adopt the Change Proposal to remove
>>> the
>>> feature. The feature could still be proposed again for a later issue of
>>> HTML, or the issue could be re-raised if new information is provided
>>> (such
>>> as implementation experience  or server-side deployment experience.)
>>> If there are no objections, these two issues will be closed on March 2,
>>> 2010.
>> My understanding is that one of the objections to keeping @ping in the
>> spec is that HTTP requires that POST requests are not made by the UA
>> unless this has been made clear to the user that this is happening.
>> I.e. that the HTTP spec requires some type of UI. And since @ping will
>> use a UI very similar to "ping less" links, this would then be counter
>> to the requirements in the HTTP spec.
> As far as I am aware, HTTP has no such UI requirement for initial requests,
> only for redirects. It does have some non-normative advice on the
> non-redirect case but no actual requirements for UAs.
>> Is this a correct understanding? The question is directed towards the
>> people that have been arguing for @ping to be removed from HTML5.
>> If a future version of HTTP, such as the in progress HTTPbis, was
>> released and removed this UI requirement, would that remove that
>> specific objection?
> I don't think that argument was ever grounded in what the HTTP spec actually
> requires, but perhaps its proponents could clarify that position.

Some quotes from the change proposal:

]] Also, as described in ISSUE-1, ping's use of POST causes an
unsafe method to be used in response to a safe activation request,
in violation of the method constraints that have been part of
Web architecture since 1992. [[

]] clicking on a link (or a spider wandering
around) must be translated into a safe network action because to do
otherwise would require every user to know the purpose of every
resource before the GET.  It follows, therefore, that the UI for a
user action that is safe (a link) must be rendered differently from
all other actions that might be unsafe [[

]] In short, if the UI is being presented as a normal link, then the
HTTP methods resulting from the user's selection must all be safe

(I hope I'm not quoting out of context somehow, everyone is encouraged
to read the change proposal at

/ Jonas

Received on Wednesday, 24 February 2010 04:09:32 UTC