Hi,
I just signed up for a Google Groups account, and noticed that
the signup process violates the HTTP protocol. The message I
received (attached) said:
> You are receiving this email because you have signed up to post to
> Usenet through Google Groups. Please visit the following URL to verify
> that we have your correct email address:
>
> http://posting.google.com/post/v-4ea9asdfasdfasdf/
>
> Clicking on the link above will activate your account; you will then be
> able to begin posting. Thank you for using Google Groups!
and when I accessed that link, it automatically confirmed my account.
This violates the HTTP protocol; retrieving a URI (i.e., an HTTP GET)
should not have side effects like confirming a registration; you
should use HTTP POST for that.
Further reading on GET vs POST:
Forms: GET and POST
http://www.w3.org/Provider/Style/Input
Axioms of Web architecture: Identity, State and GET
http://www.w3.org/DesignIssues/Axioms#state
HTTP 1.1 section 9.1: Safe and Idempotent Methods
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
HTML 4.01 section 17.13: Form submission
http://www.w3.org/TR/html4/interact/forms.html#h-17.13
--
Gerald Oskoboiny <gerald@impressive.net>
http://impressive.net/people/gerald/
Forwarded message 1
You are receiving this email because you have signed up to post to
Usenet through Google Groups. Please visit the following URL to verify
that we have your correct email address:
http://posting.google.com/post/v-4ea9asdfasdfasdf/
Clicking on the link above will activate your account; you will then be
able to begin posting. Thank you for using Google Groups!
Your login: gerald@impressive.net
Sincerely,
The Google Team
If you have not requested this account please ignore this email.