W3C home > Mailing lists > Public > www-archive@w3.org > July 2008

please use http POST to confirm accounts

From: Gerald Oskoboiny <gerald@impressive.net>
Date: Thu, 10 Jul 2008 14:44:13 -0700 (PDT)
Message-ID: <f8f63674-0a3f-4e87-b314-88064a650d90@r66g2000hsg.googlegroups.com>
To: FriendFeed <friendfeed@googlegroups.com>
Cc: www-archive@w3.org


I just signed up for a FriendFeed account and when I clicked on the
link to verify my email address it automatically confirmed my account.

Instead of confirming the account immediately you should display a
short web form that the user must POST to confirm; using HTTP GET for
this violates the HTTP and HTML standards.

Further reading on GET vs POST:

    URIs, Addressability, and the use of HTTP GET and POST

    Forms: GET and POST

    Axioms of Web architecture: Identity, State and GET

    HTTP 1.1 section 9.1: Safe and Idempotent Methods

    HTML 4.01 section 17.13: Form submission

Received on Thursday, 10 July 2008 22:34:22 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:33:31 UTC