[whatwg] <a href="" ping="">
S. Mike Dierken
mike at dierken.com
Tue Oct 25 20:52:42 PDT 2005
> I'm not sure where this idea has come from that sending POSTs
> is inherently unsafe (which, by the way, no-one has offered a
> good explanation for yet).
POST requests are unsafe because the intent is to modify the data identified
by the resource - data modification is tagged as being 'unsafe'.
This is a narrow definition of 'unsafe' and is only in relation to GET, HEAD
and OPTIONS where the user is not liable for changes/damages that may happen
due to those requests. They are however liable for changes that are a result
of POST (or PUT or DELETE).
In this use case of notifying trackers, I earlier called it 'unsafe' because
I mixed up concerns of privacy and hijacking pages with this use. That was
incorrect.
>
> There's nothing wrong with POST being used for this purpose
> IMHO, but I'd be very interested to hear arguments to the contrary.
I now agree - state is being transferred from the client to the server.
More information about the whatwg
mailing list