 | Start a set with this search |
 | Include this search in one of my sets |
 | Exclude this search from one of my sets |
 | Permalink to these results Paste this link in email or IM: |
 | Atom feed for tracking future search results Paste this URL into your reader: |
83 messages in org.w3.www-tagRe: draft findings on Unsafe Methods ...| From | Sent On | Attachments |
|---|---|---|
| Dan Connolly | Apr 15, 2002 8:50 am | |
| Larry Masinter | Apr 15, 2002 1:44 pm | |
| David Orchard | Apr 15, 2002 3:01 pm | |
| David Orchard | Apr 15, 2002 3:19 pm | |
| Mark Baker | Apr 15, 2002 8:00 pm | |
| Keith Moore | Apr 15, 2002 8:37 pm | |
| Scott Cantor | Apr 15, 2002 9:28 pm | |
| Edwin Khodabakchian | Apr 15, 2002 9:34 pm | |
| David Orchard | Apr 15, 2002 10:18 pm | |
| Paul Prescod | Apr 15, 2002 11:17 pm | |
| Tim Bray | Apr 15, 2002 11:32 pm | |
| Mark Nottingham | Apr 16, 2002 1:01 am | |
| Tim Bray | Apr 16, 2002 1:02 am | |
| Mark Nottingham | Apr 16, 2002 1:09 am | |
| Paul Prescod | Apr 16, 2002 2:11 am | |
| Paul Prescod | Apr 16, 2002 3:02 am | |
| Mark Baker | Apr 16, 2002 4:54 am | |
| Williams, Stuart | Apr 16, 2002 8:22 am | |
| Keith Moore | Apr 16, 2002 8:32 am | |
| jon...@research.att.com | Apr 16, 2002 8:44 am | |
| Scott Cantor | Apr 16, 2002 8:55 am | |
| Paul Prescod | Apr 16, 2002 9:40 am | |
| Mark Nottingham | Apr 16, 2002 9:42 am | |
| Hutchison, Nigel | Apr 16, 2002 9:43 am | |
| Henrik Frystyk Nielsen | Apr 16, 2002 10:48 am | |
| Bullard, Claude L (Len) | Apr 16, 2002 1:46 pm | |
| Larry Masinter | Apr 16, 2002 6:39 pm | |
| Roy T. Fielding | Apr 16, 2002 7:54 pm | |
| Larry Masinter | Apr 16, 2002 10:10 pm | |
| Graham Klyne | Apr 17, 2002 1:54 am | |
| Paul Prescod | Apr 18, 2002 12:33 am | |
| Graham Klyne | Apr 18, 2002 9:11 am | |
| Alex Rousskov | Apr 18, 2002 9:30 am | |
| Paul Prescod | Apr 18, 2002 9:45 am | |
| Graham Klyne | Apr 18, 2002 11:58 am | |
| Roy T. Fielding | Apr 18, 2002 3:11 pm | |
| Don Box | Apr 18, 2002 6:28 pm | |
| Mark Baker | Apr 18, 2002 8:50 pm | |
| Keith Moore | Apr 18, 2002 8:54 pm | |
| Paul Prescod | Apr 18, 2002 10:00 pm | |
| Graham Klyne | Apr 19, 2002 12:53 am | |
| Bill de hÓra | Apr 19, 2002 4:18 am | |
| Roy T. Fielding | Apr 19, 2002 1:20 pm | |
| Anne Thomas Manes | Apr 22, 2002 3:23 pm | |
| Paul Prescod | Apr 22, 2002 4:01 pm | |
| Anne Thomas Manes | Apr 22, 2002 8:17 pm | |
| Paul Prescod | Apr 22, 2002 10:21 pm | |
| Anne Thomas Manes | Apr 23, 2002 5:36 am | |
| Paul Prescod | Apr 23, 2002 12:03 pm | |
| Paul Prescod | Apr 23, 2002 2:09 pm | |
| Roy T. Fielding | Apr 23, 2002 2:14 pm | |
| Bullard, Claude L (Len) | Apr 23, 2002 2:50 pm | |
| Joshua Allen | Apr 23, 2002 2:53 pm | |
| David Orchard | Apr 23, 2002 4:14 pm | |
| Keith Moore | Apr 23, 2002 5:05 pm | |
| Roy T. Fielding | Apr 23, 2002 5:14 pm | |
| Simon St.Laurent | Apr 23, 2002 5:18 pm | |
| Larry Masinter | Apr 23, 2002 6:31 pm | |
| Mark Baker | Apr 23, 2002 6:36 pm | |
| Paul Prescod | Apr 23, 2002 8:03 pm | |
| Tim Bray | Apr 23, 2002 8:30 pm | |
| Dan Connolly | Apr 23, 2002 9:05 pm | |
| Joshua Allen | Apr 23, 2002 9:10 pm | |
| Anne Thomas Manes | Apr 23, 2002 9:28 pm | |
| Mark Nottingham | Apr 23, 2002 9:42 pm | |
| Jeff Bone | Apr 23, 2002 9:42 pm | |
| Joshua Allen | Apr 23, 2002 10:02 pm | |
| Paul Prescod | Apr 23, 2002 10:05 pm | |
| Joshua Allen | Apr 23, 2002 10:27 pm | |
| Joshua Allen | Apr 23, 2002 10:38 pm | |
| Mark Nottingham | Apr 23, 2002 10:57 pm | |
| Mark Nottingham | Apr 23, 2002 11:16 pm | |
| Joshua Allen | Apr 23, 2002 11:20 pm | |
| Dan Connolly | Apr 23, 2002 11:23 pm | |
| Tim Bray | Apr 23, 2002 11:56 pm | |
| Bullard, Claude L (Len) | Apr 24, 2002 7:23 am | |
| Larry Masinter | Apr 24, 2002 8:47 am | |
| Keith Moore | Apr 24, 2002 10:46 am | |
| Bullard, Claude L (Len) | Apr 24, 2002 10:56 am | |
| Aaron Swartz | Apr 24, 2002 11:27 am | |
| Mike Dierken | Apr 24, 2002 12:06 pm | |
| David Orchard | Apr 25, 2002 10:54 am | |
| Roy T. Fielding | May 5, 2002 3:38 am |
| Permalink for this message Paste this link in email or IM: |
| Permalink for this thread Paste this link in email or IM: |
| Atom feed for this thread Paste this URL into your reader: |
| Subject: | Re: draft findings on Unsafe Methods (whenToUseGet-7) | Actions... |
|---|---|---|
| From: | Roy T. Fielding (fiel...@apache.org) | |
| Date: | Apr 16, 2002 7:54:17 pm | |
| List: | org.w3.www-tag | |
In particular, there are other reasons for using POST, namely that GET does not take a body, and trying to add a body to GET requests would introduce significant incompatibility. A "safe" operation which also involves file upload, for example, should not encode the file data in the URL.
File upload is not a safe operation. In general, most applications that involve user-supplied data being supplied to the server are not safe. The only exception is when the information is in the form of generalized query parameters, for which there is a trade-off between GET and POST that usually involves the size of the parameter content. GET is only desirable for those cases where the parameters can be expressed as a meaningful URI.
As I mentioned on the conference call, it would be far more effective to tease out the principles of the Web and define those, rather than express edicts about the use of HTTP. The fact of the matter is that most CGI scripts are not HTTP compliant. Most CGI scripts, in fact, provide interfaces to applications that suck. The "G" stands for Gateway. What people should realize is not that "CGI scripts should be banned", but rather that if the CGI script is written such that it behaves like a proper Web interface, then it won't suck. The point is to describe to developers the ways in which an interface can be better implemented on the Web. REST is not the easiest way to provide an interface on the Web. In fact, doing it right requires fairly sophisticated software. CGI makes life easy for programmers. REST-like operation makes life easy for users and content maintainers.
The problem with SOAP is that it tries to escape from the Web interface. It deliberately attempts to suck, mostly because it is deliberately trying to supplant CGI-like applications rather than Web-like applications. It is simply a waste of time for folks to say that "HTTP allows this because I've seen it used by this common CGI script." If we thought that sucky CGI scripts were the basis for good Web architectures, then we wouldn't have needed a Gateway Interface to implement them.
In order for SOAP-ng to succeed as a Web protocol, it needs to start behaving like it is part of the Web. That means, among other things, that it should stop trying to encapsulate all sorts of actions under an object-specific interface. It needs to limit its object-specific behavior to those situations in which object-specific behavior is actually desirable. If it does not do so, then it is not using URI as the basis for resource identification, and therefore it is no more part of the Web than SMTP.
The HTTP working group's conclusion on this topic over a significant amount of discussion was that, if we wanted to do anything about this, we should add the "Safe:" result header. However, there was no consensus that there was any desire to know whether POST methods were Safe or not, so RFC 2310 remains as "Experimental".
I think that is stretching it. The HTTP-WG never reached any conclusion on the topic. The Safe header field was not implemented because it is utterly pointless to know whether or not a message is safe *after* it has been invoked. We already have other means to mark whether or not content can be cached, and caches won't use anything other than a URI and simple header field content as a cache key.
Cheers,
Roy T. Fielding, Chairman, The Apache Software Foundation (fiel...@apache.org) <http://www.apache.org/>
Chief Scientist, Day Software 2 Corporate Plaza, Suite 150 Newport Beach, CA 92660-7929 fax:+1.949.644.5064 (roy....@day.com) <http://www.day.com/>