- From: Larry Masinter <LMM@acm.org>
- Date: Tue, 16 Apr 2002 18:39:37 -0700
- To: "'Dan Connolly'" <connolly@w3.org>, <www-tag@w3.org>
I'm going to repeat my point in a different way. I think
the conclusion is nonsense, because it is based on
incorrect reasoning.
"GET/HEAD should be safe" does not imply
"all safe applications should use GET/HEAD".
It isn't sufficient to cause the latter statement
to be a "fundamental principle of the web" merely
by assertion. ("Because DC said it was so.")
In particular, there are other reasons for using POST,
namely that GET does not take a body, and trying to add
a body to GET requests would introduce significant
incompatibility. A "safe" operation which also involves
file upload, for example, should not encode the file
data in the URL.
The HTTP working group's conclusion on this topic over
a significant amount of discussion was that, if we
wanted to do anything about this, we should add the
"Safe:" result header. However, there was no consensus
that there was any desire to know whether POST methods
were Safe or not, so RFC 2310 remains as "Experimental".
Received on Tuesday, 16 April 2002 21:40:47 UTC