[whatwg] A thought: <a href="..." method="post">
Henri Sivonen
hsivonen at iki.fi
Sat May 7 01:43:54 PDT 2005
On May 7, 2005, at 01:55, Ian Bicking wrote:
> I was just thinking about the recent problems introduced by the Google
> Web Accelerator following links that have side effects (the typical <a
> href="form?delete=10">[delete this]</a> stuff).
Links like that are objectively wrong according to RFC 2616 (HTTP 1.1).
Google is free to follow those links without being responsible for the
side effects.
> One of the issues is that doing the Right Thing means creating a form,
> and that effects the UI,
There'd be a design bug somewhere if the UI wasn't affected! When
something looks like a link to, the user has a good reason to expect
that following the link causes a safe retrieval operation. When
something looks like a button, the user has a reason to understand that
pressing the button may cause an unsafe operation.
> One might expect <a href="form?delete=10" method="POST">[delete
> this]</a> to do a post request to "form" with a request body of
> "delete=10".
-1. Makes the safety of links non-obvious to users.
> can be implemented in Javascript fairly easy.
But shouldn't.
> The Google Web Accelerator will still be broken
It is not broken! The server-side apps that use GET for non-safe,
non-idempotent operation are broken.
--
Henri Sivonen
hsivonen at iki.fi
http://hsivonen.iki.fi/
More information about the whatwg
mailing list