RE: WhenToUseGet-7 comments

> > I am trying to understand what it means to make a POST
> > operation safe.
>
> *mark*, not *make*. i.e. a POST operation might _be_
> safe (e.g. markup validator with file upload), but in the current
> HTTP protocol, the client has no way to know that it's
> safe. It has to assume that POST operations are unsafe.
>

Yup.  Unless there's a marker of some kind.

> >  Does this mean designing a new method that
> > carries a message body but is identified as a safe method
> > (QUERY?)
>
> A new QUERY method is analagous to having some way
> for the server to tell the client that certain POST
> operations are safe.

And we had talked about this.  The long ago original draft finding suggested
a new QUERY method.  We decided not to propose that as part of this finding.
My recollection of the reason was that introducing a new method probably
simply wasn't going to be deployed irl.

Cheers,
dave

Received on Wednesday, 17 September 2003 11:26:25 UTC