W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2005

[whatwg] <a href="" ping="">

From: Jasper Bryant-Greene <jasper@album.co.nz>
Date: Wed, 26 Oct 2005 18:59:48 +1300
Message-ID: <1130306389.13706.9.camel@jasper.local>
On Tue, 2005-10-25 at 22:50 -0700, Mike Dierken wrote:
> > S. Mike Dierken wrote:
> > >> I'm not sure where this idea has come from that sending POSTs is 
> > >> inherently unsafe (which, by the way, no-one has offered a good 
> > >> explanation for yet).
> > > 
> > > POST requests are unsafe because the intent is to modify the data 
> > > identified by the resource - data modification is tagged as 
> > being 'unsafe'.
> > 
> > I think your confusing this with the fact that using GET 
> > requests for data modification is unsafe, and seem to be 
> > saying that POST is unsafe when used as intended!?
> > 
> Yes - I'm trying to use the terms 'safe' and 'unsafe' to mean 'read-only'
> and 'not read-only', respectively. 
> That's the usage of 'safe' and 'unsafe' with respect to HTTP that I'm
> familiar with.
> 
> For example, which (if any) of the following two FORMs is 'safe':
> 
> <form method='GET' action='../cgi-bin/nifty.cgi'>
>  <input type='submit' value='go' />
> </form>
> 
> <form method='POST' action='../cgi-bin/nifty.cgi'>
>  <input type='submit' value='go' />
> </form>
> 

I don't see anything particularly unsafe about either of them, but I
think I can see what you're getting at.

Perhaps "without side-effects" or "idempotent" might be better
descriptions than "safe"? The above two forms both look like they're
doing exactly what they were intended to do, and therefore don't seem
"unsafe" at all...

-- 
Jasper Bryant-Greene
General Manager
Album Limited

e: jasper at album.co.nz
w: http://www.album.co.nz/
p: 0800 4 ALBUM (0800 425 286) or +64 21 232 3303
a: PO Box 579, Christchurch 8015, New Zealand
Received on Tuesday, 25 October 2005 22:59:48 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:43 UTC