please use http POST to confirm accounts from Gerald Oskoboiny on 2008-07-10 (www-archive@w3.org from July 2008)

From: Gerald Oskoboiny <gerald@impressive.net>
Date: Thu, 10 Jul 2008 14:44:13 -0700 (PDT)
To: FriendFeed <friendfeed@googlegroups.com>
Cc: www-archive@w3.org
Message-ID: <f8f63674-0a3f-4e87-b314-88064a650d90@r66g2000hsg.googlegroups.com>

Hi,

I just signed up for a FriendFeed account and when I clicked on the
link to verify my email address it automatically confirmed my account.

Instead of confirming the account immediately you should display a
short web form that the user must POST to confirm; using HTTP GET for
this violates the HTTP and HTML standards.

Further reading on GET vs POST:

    URIs, Addressability, and the use of HTTP GET and POST
    http://www.w3.org/2001/tag/doc/whenToUseGet.html

    Forms: GET and POST
    http://www.w3.org/Provider/Style/Input

    Axioms of Web architecture: Identity, State and GET
    http://www.w3.org/DesignIssues/Axioms#state

    HTTP 1.1 section 9.1: Safe and Idempotent Methods
    http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1

    HTML 4.01 section 17.13: Form submission
    http://www.w3.org/TR/html4/interact/forms.html#h-17.13

thanks!

Received on Thursday, 10 July 2008 22:34:22 UTC