- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Sat, 7 May 2005 11:43:54 +0300
On May 7, 2005, at 01:55, Ian Bicking wrote: > I was just thinking about the recent problems introduced by the Google > Web Accelerator following links that have side effects (the typical <a > href="form?delete=10">[delete this]</a> stuff). Links like that are objectively wrong according to RFC 2616 (HTTP 1.1). Google is free to follow those links without being responsible for the side effects. > One of the issues is that doing the Right Thing means creating a form, > and that effects the UI, There'd be a design bug somewhere if the UI wasn't affected! When something looks like a link to, the user has a good reason to expect that following the link causes a safe retrieval operation. When something looks like a button, the user has a reason to understand that pressing the button may cause an unsafe operation. > One might expect <a href="form?delete=10" method="POST">[delete > this]</a> to do a post request to "form" with a request body of > "delete=10". -1. Makes the safety of links non-obvious to users. > can be implemented in Javascript fairly easy. But shouldn't. > The Google Web Accelerator will still be broken It is not broken! The server-side apps that use GET for non-safe, non-idempotent operation are broken. -- Henri Sivonen hsivonen at iki.fi http://hsivonen.iki.fi/
Received on Saturday, 7 May 2005 01:43:54 UTC