


| Subject: | RE: whenToUseGet-7 counter-proposal | |
|---|---|---|
| From: | Joshua Allen (josh...@microsoft.com) | |
| Date: | Apr 23, 2002 10:27:38 pm | |
| List: | org.w3.www-tag | |
Regarding your proposed language, if systems cannot rely on HTTP GET being safe, how will caching and crawling work at all?
Most only cache and crawl URIs that don't have a querystring. You answered it yourself by saying "just don't submit forms". If a form element says METHOD=GET, the parameters are going to be embedded in the querystring. As a number of others have pointed out, the difference between METHOD=GET and METHOD=POST is irrelevant to most modern web server programming platforms (ASP, PHP, ColdFusion, JSP, Servlets, etc.). When a developer decides to use a GET instead of a POST in his form, he has no idea that it should be idempotent. In retrospect, it probably would have been smart for the tools to be designed to make this distinction clearer.
This is just the way things are today; caching and crawling do not trust POST, and they do not trust querystrings. Both are assumed to have potential side-effects. It is possible that some edge caches will try to cache responses from URIs with querystrings, and maybe my experience with this is negative simply because pages that are dynamically created through server code and form fields (as any with METHOD=GET) typically set the cache control headers to no cache. In fact, I once saw a situation with a prominent (non-Microsoft) ISP who was accidentally exposing customers' credit card numbers to one another because they were incorrectly caching dynamic content by *ignoring* the cache control headers. This was a fairly arcane bug, but you can bet credit cards would have been more widely compromised if this ISP had blindly cached any URI (they definitely did *not* cache URIs with querystrings unless the cache-control headers permitted it).
And any crawlers I have used are deliberately designed to ignore URIs with querystrings.
In fact, the only objection to this heuristic that I can think of would be that "If it is meant to be posted via a FORM, it should never exist as a raw URI that a crawler would encounter". But this doesn't help edge caches any, and one of the reasons that GET proponents always give for their endearment to this verb is that "a FORM posted through GET can be bookmarked". True, people don't bookmark the page that transfers money from their account, and if they clicked on it they would have difficulty blaming someone else. But search engines in particular are loath to assume the liability that could arise from randomly submitting forms on behalf of people.
Therefore, I think it is folly to trust POST or GET+querystrings. Few people *do* trust these, and always with a keen sense of the implications. For example, as an edge cache I might go ahead and take the risk that I might be passively caching someone's credit card number, but as a crawler I would be aware that my following a URI with querystring could very well *cause* something to happen and carry a significantly higher risk.
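
The conservative heuristic described in the message above, sketched as a fail-closed admission check for a shared cache plus the crawler rule. This is an added example, not part of the original post and not the code of any product it mentions; the function names and sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Directives treated here as "do not store in a shared cache" (conservative:
# no-cache strictly allows storing with revalidation, this sketch refuses).
FORBID = {"no-store", "no-cache", "private"}

def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def explicitly_fresh(cc):
    """True if the origin explicitly granted a shared cache a lifetime."""
    if "public" in cc:
        return True
    for name in ("s-maxage", "max-age"):  # s-maxage wins for shared caches
        if name in cc:
            arg = cc[name] or ""
            return arg.isdigit() and int(arg) > 0
    return False

def shared_cache_may_store(method, url, headers):
    """Return (decision, reason); anything doubtful is not cached."""
    if method.upper() != "GET":
        return False, "method is not GET"
    hdrs = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(hdrs.get("cache-control"))
    blocked = sorted(FORBID.intersection(cc))
    if blocked:
        return False, "Cache-Control: " + blocked[0]
    # A querystring suggests form-generated, possibly per-user content:
    # store it only when the response headers explicitly permit it.
    if urlsplit(url).query and not explicitly_fresh(cc):
        return False, "querystring without explicit permission"
    return True, "ok"

def crawler_may_follow(url):
    """Crawler heuristic from the message: skip URIs with a querystring."""
    return not urlsplit(url).query

# Constructed sample: a dynamic account page that sets no cache headers.
SAMPLE = ("GET", "http://shop.example/account?id=7", {})
```
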







