Re: whenToUseGet-7 counter-proposal - Mark Nottingham - org.w3.www-tag

83 messages in org.w3.www-tagRe: whenToUseGet-7 counter-proposal

From	Sent On	Attachments
Dan Connolly	Apr 15, 2002 8:50 am
Larry Masinter	Apr 15, 2002 1:44 pm
David Orchard	Apr 15, 2002 3:01 pm
David Orchard	Apr 15, 2002 3:19 pm
Mark Baker	Apr 15, 2002 8:00 pm
Keith Moore	Apr 15, 2002 8:37 pm
Scott Cantor	Apr 15, 2002 9:28 pm
Edwin Khodabakchian	Apr 15, 2002 9:34 pm
David Orchard	Apr 15, 2002 10:18 pm
Paul Prescod	Apr 15, 2002 11:17 pm
Tim Bray	Apr 15, 2002 11:32 pm
Mark Nottingham	Apr 16, 2002 1:01 am
Tim Bray	Apr 16, 2002 1:02 am
Mark Nottingham	Apr 16, 2002 1:09 am
Paul Prescod	Apr 16, 2002 2:11 am
Paul Prescod	Apr 16, 2002 3:02 am
Mark Baker	Apr 16, 2002 4:54 am
Williams, Stuart	Apr 16, 2002 8:22 am
Keith Moore	Apr 16, 2002 8:32 am
jon...@research.att.com	Apr 16, 2002 8:44 am
Scott Cantor	Apr 16, 2002 8:55 am
Paul Prescod	Apr 16, 2002 9:40 am
Mark Nottingham	Apr 16, 2002 9:42 am
Hutchison, Nigel	Apr 16, 2002 9:43 am
Henrik Frystyk Nielsen	Apr 16, 2002 10:48 am
Bullard, Claude L (Len)	Apr 16, 2002 1:46 pm
Larry Masinter	Apr 16, 2002 6:39 pm
Roy T. Fielding	Apr 16, 2002 7:54 pm
Larry Masinter	Apr 16, 2002 10:10 pm
Graham Klyne	Apr 17, 2002 1:54 am
Paul Prescod	Apr 18, 2002 12:33 am
Graham Klyne	Apr 18, 2002 9:11 am
Alex Rousskov	Apr 18, 2002 9:30 am
Paul Prescod	Apr 18, 2002 9:45 am
Graham Klyne	Apr 18, 2002 11:58 am
Roy T. Fielding	Apr 18, 2002 3:11 pm
Don Box	Apr 18, 2002 6:28 pm
Mark Baker	Apr 18, 2002 8:50 pm
Keith Moore	Apr 18, 2002 8:54 pm
Paul Prescod	Apr 18, 2002 10:00 pm
Graham Klyne	Apr 19, 2002 12:53 am
Bill de hÓra	Apr 19, 2002 4:18 am
Roy T. Fielding	Apr 19, 2002 1:20 pm
Anne Thomas Manes	Apr 22, 2002 3:23 pm
Paul Prescod	Apr 22, 2002 4:01 pm
Anne Thomas Manes	Apr 22, 2002 8:17 pm
Paul Prescod	Apr 22, 2002 10:21 pm
Anne Thomas Manes	Apr 23, 2002 5:36 am
Paul Prescod	Apr 23, 2002 12:03 pm
Paul Prescod	Apr 23, 2002 2:09 pm
Roy T. Fielding	Apr 23, 2002 2:14 pm
Bullard, Claude L (Len)	Apr 23, 2002 2:50 pm
Joshua Allen	Apr 23, 2002 2:53 pm
David Orchard	Apr 23, 2002 4:14 pm
Keith Moore	Apr 23, 2002 5:05 pm
Roy T. Fielding	Apr 23, 2002 5:14 pm
Simon St.Laurent	Apr 23, 2002 5:18 pm
Larry Masinter	Apr 23, 2002 6:31 pm
Mark Baker	Apr 23, 2002 6:36 pm
Paul Prescod	Apr 23, 2002 8:03 pm
Tim Bray	Apr 23, 2002 8:30 pm
Dan Connolly	Apr 23, 2002 9:05 pm
Joshua Allen	Apr 23, 2002 9:10 pm
Anne Thomas Manes	Apr 23, 2002 9:28 pm
Mark Nottingham	Apr 23, 2002 9:42 pm
Jeff Bone	Apr 23, 2002 9:42 pm
Joshua Allen	Apr 23, 2002 10:02 pm
Paul Prescod	Apr 23, 2002 10:05 pm
Joshua Allen	Apr 23, 2002 10:27 pm
Joshua Allen	Apr 23, 2002 10:38 pm
Mark Nottingham	Apr 23, 2002 10:57 pm
Mark Nottingham	Apr 23, 2002 11:16 pm
Joshua Allen	Apr 23, 2002 11:20 pm
Dan Connolly	Apr 23, 2002 11:23 pm
Tim Bray	Apr 23, 2002 11:56 pm
Bullard, Claude L (Len)	Apr 24, 2002 7:23 am
Larry Masinter	Apr 24, 2002 8:47 am
Keith Moore	Apr 24, 2002 10:46 am
Bullard, Claude L (Len)	Apr 24, 2002 10:56 am
Aaron Swartz	Apr 24, 2002 11:27 am
Mike Dierken	Apr 24, 2002 12:06 pm
David Orchard	Apr 25, 2002 10:54 am
Roy T. Fielding	May 5, 2002 3:38 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	Re: whenToUseGet-7 counter-proposal	Actions...
From:	Mark Nottingham (mn...@mnot.net)
Date:	Apr 23, 2002 10:57:24 pm
List:	org.w3.www-tag

On Tuesday, April 23, 2002, at 10:28 PM, Joshua Allen wrote:

Regarding your proposed language, if systems cannot rely on HTTP GET being safe, how will caching and crawling work at all?

Most only cache and crawl URIs that don't have a querystring. You answered it yourself by saying "just don't submit forms". If a form element says METHOD=GET, the parameters are going to be embedded in the querystring. As a number of others have pointed out, the difference between METHOD=GET and METHOD=POST is irrelevant to most modern web server programming platforms (ASP, PHP, Coldfusion, JSP, Servlets etc.) When a developer decides to use a GET instead of a POST in his form, he has no idea that it should be idempotent. In retrospect, it probably would have been smart for the tools to be designed to make this distinction clearer.

My point was that URIs with query strings don't need to be generated by a form.

This is just the way things are today; caching and crawling do not trust POST, and they do not trust querystrings. Both are assumed to have potential side-effects. It is possible that some edge caches will try to cache responses from URIs with querystrings, and maybe my experience with this is negative simply because pages that are dynamically created through server code and form fields (as any with METHOD=GET) typically set the cache control headers to no cache. In fact, I once saw a situation with a prominent (non-Microsoft) ISP who was accidentally exposing customers' credit card numbers to one another because they were incorrectly caching dynamic content by *ignoring* the cache control headers. This was a fairly arcane bug, but you can bet credit cards would have been more widely compromised if this ISP had blindly cached any URI (they definitely did *not* cache URIs with querystrings unless the cache-control headers permitted it).

Interesting. My experience is completely different, and I wouldn't refer to that as an arcane bug at all.

And any crawlers I have used are deliberately designed to ignore URIs with querystrings.

See Paul's reference re: Google. I'd seen the same behaviour, but didn't have an example so handy. (Thanks, Paul!)

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: