[whatwg] <a href="" ping="">

S. Mike Dierken mike at dierken.com
Tue Oct 25 20:52:42 PDT 2005


> I'm not sure where this idea has come from that sending POSTs 
> is inherently unsafe (which, by the way, no-one has offered a 
> good explanation for yet).
POST requests are unsafe because the intent is to modify the data identified
by the resource - data modification is tagged as being 'unsafe'.
This is a narrow definition of 'unsafe' and is only in relation to GET, HEAD
and OPTIONS where the user is not liable for changes/damages that may happen
due to those requests. They are however liable for changes that are a result
of POST (or PUT or DELETE).

In this use case of notifying trackers, I earlier called it 'unsafe' because
I mixed up concerns of privacy and hijacking pages with this use. That was
incorrect.

> 
> There's nothing wrong with POST being used for this purpose 
> IMHO, but I'd be very interested to hear arguments to the contrary.
I now agree - state is being transferred from the client to the server.




More information about the whatwg mailing list