[whatwg] <a href="" ping="">

Jasper Bryant-Greene jasper at album.co.nz
Tue Oct 25 22:59:48 PDT 2005


On Tue, 2005-10-25 at 22:50 -0700, Mike Dierken wrote:
> > S. Mike Dierken wrote:
> > >> I'm not sure where this idea has come from that sending POSTs is 
> > >> inherently unsafe (which, by the way, no-one has offered a good 
> > >> explanation for yet).
> > > 
> > > POST requests are unsafe because the intent is to modify the data 
> > > identified by the resource - data modification is tagged as 
> > being 'unsafe'.
> > 
> > I think your confusing this with the fact that using GET 
> > requests for data modification is unsafe, and seem to be 
> > saying that POST is unsafe when used as intended!?
> > 
> Yes - I'm trying to use the terms 'safe' and 'unsafe' to mean 'read-only'
> and 'not read-only', respectively. 
> That's the usage of 'safe' and 'unsafe' with respect to HTTP that I'm
> familiar with.
> 
> For example, which (if any) of the following two FORMs is 'safe':
> 
> <form method='GET' action='../cgi-bin/nifty.cgi'>
>  <input type='submit' value='go' />
> </form>
> 
> <form method='POST' action='../cgi-bin/nifty.cgi'>
>  <input type='submit' value='go' />
> </form>
> 

I don't see anything particularly unsafe about either of them, but I
think I can see what you're getting at.

Perhaps "without side-effects" or "idempotent" might be better
descriptions than "safe"? The above two forms both look like they're
doing exactly what they were intended to do, and therefore don't seem
"unsafe" at all...

-- 
Jasper Bryant-Greene
General Manager
Album Limited

e: jasper at album.co.nz
w: http://www.album.co.nz/
p: 0800 4 ALBUM (0800 425 286) or +64 21 232 3303
a: PO Box 579, Christchurch 8015, New Zealand



More information about the whatwg mailing list