- From: Jim Whitehead <ejw@ics.uci.edu>
- Date: Sun, 15 Aug 1999 16:12:52 -0700
- To: Larry Masinter <masinter@parc.xerox.com>, John Stracke <francis@ecal.com>, WebDAV WG <w3c-dist-auth@w3.org>
Since some systems allow GET to perform non-safe, non-idempotent operations via URL munging (e.g., http://www.docmgmtsys.com/doc-guid;action=CHECKOUT) it seems to me the best a spec. can do is state what the intended behavior is wrt safety and idempotence, and assume that people won't break it without a very good reason. - Jim > > > PROPFIND: safe, idempotent > > > PROPPATCH: unsafe, idempotent > > > > ...*provided* you're not using any funky live properties. Live > properties are > > behavior, not state, so they have safeness and idempotency, > too. So, really, > > you have to assume that both PROPFIND and PROPPATCH are unsafe and > > non-idempotent unless you know the safeness and idempotency of all the > > properties in use. > > I think it's more appropriate to define 'live properties' such that > they have the same relationship to safety and idempotency of PROPFIND > and PROPPATCH as 'resources' have to GET and PUT. That is: > > even though the property is live, PROPFIND of any property > SHOULD be safe and idempotent, and PROPPATCH should be idempotent. > > > > (This is the same issue as CGIs in base HTTP/1.1; a CGI script > could be built > > that reacts unsafely to GET, but it wouldn't be HTTP/1.1-compliant; it's > > supposed to use POST if it's unsafe. But we don't have PROPFIND-GET and > > PROPFIND-POST.) > > We should make the correspondence of PROPFIND-GET and PROPPATCH-PUT > (not POST). Not having done so is an flaw in the WebDAV spec that > SHOULD be corrected, not celebrated. > > Larry >
Received on Sunday, 15 August 1999 19:16:40 UTC