- From: S. Mike Dierken <mike@dierken.com>
- Date: Tue, 25 Oct 2005 20:52:42 -0700
> I'm not sure where this idea has come from that sending POSTs > is inherently unsafe (which, by the way, no-one has offered a > good explanation for yet). POST requests are unsafe because the intent is to modify the data identified by the resource - data modification is tagged as being 'unsafe'. This is a narrow definition of 'unsafe' and is only in relation to GET, HEAD and OPTIONS where the user is not liable for changes/damages that may happen due to those requests. They are however liable for changes that are a result of POST (or PUT or DELETE). In this use case of notifying trackers, I earlier called it 'unsafe' because I mixed up concerns of privacy and hijacking pages with this use. That was incorrect. > > There's nothing wrong with POST being used for this purpose > IMHO, but I'd be very interested to hear arguments to the contrary. I now agree - state is being transferred from the client to the server.
Received on Tuesday, 25 October 2005 20:52:42 UTC