W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2005

[whatwg] <a href="" ping="">

From: S. Mike Dierken <mike@dierken.com>
Date: Tue, 25 Oct 2005 20:52:42 -0700
Message-ID: <20051026035244.180F6106345@legolas.dreamhost.com>
> I'm not sure where this idea has come from that sending POSTs 
> is inherently unsafe (which, by the way, no-one has offered a 
> good explanation for yet).
POST requests are unsafe because the intent is to modify the data identified
by the resource - data modification is tagged as being 'unsafe'.
This is a narrow definition of 'unsafe' and is only in relation to GET, HEAD
and OPTIONS where the user is not liable for changes/damages that may happen
due to those requests. They are however liable for changes that are a result
of POST (or PUT or DELETE).

In this use case of notifying trackers, I earlier called it 'unsafe' because
I mixed up concerns of privacy and hijacking pages with this use. That was
incorrect.

> 
> There's nothing wrong with POST being used for this purpose 
> IMHO, but I'd be very interested to hear arguments to the contrary.
I now agree - state is being transferred from the client to the server.
Received on Tuesday, 25 October 2005 20:52:42 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:43 UTC