On Tue, Sep 4, 2018 at 1:44 PM Felipe Gasper <fel...@felipegasper.com> wrote:
> FWIW, it seems to me like, if the HTTP verb being used is, in fact, > “POST”, then a more appropriate term for the proposed fix for the identity > correlation problem identified last week would be “GET-as-POST” rather than > “POST-as-GET”. > > “POST-as-GET” sounds to me like the actual HTTP verb is a GET, but we’re > shoehorning what would normally be a POST over that request. The opposite, > of course, is what is proposed: a POST with an uninteresting payload is > being sent to simulate a GET but with the authentication of a POST. The > pattern of a GET is being sent “as a POST”. > I would be fine either way. It really just depends on which implicit verb you read with the "as" -- "POST-acting-as-GET" or "GET-sent-as-POST". I would prefer not to actually include the verb, just because that gets wordy.. > Alternatively, would it make sense to define a new HTTP verb, e.g., > “FETCH”, for this? > I'm inclined not to do this. We definitely shouldn't actually mint a new HTTP method, since we're not changing the method. As a corollary, we shouldn't write it in all caps (so "Fetch" or "fEtcH" or something). Also, while "fetch" is the obvious verb, it collides with the HTML5 JS API of that name, which supports all methods. --Richard > > -FG > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme
