On Thu, Feb 17, 2000 at 06:55:49PM -0500, Tim Pierce wrote:
> On Wed, Feb 16, 2000 at 06:33:17PM -0500, Gerald Oskoboiny wrote:
> > On Fri, Feb 11, 2000 at 04:34:25PM -0800, Michelle Dick wrote:
> > > <a href="put confirm cgi-url here">Click here to activiate subscription</a>
> >
> > If you do this, please make sure the final step is done with an
> > HTTP POST, not a GET as I've seen various sites do lately.
> >
> > GETting a URL shouldn't have side effects, so if you implement it
> > as described above, the page returned by the first URL should
> > display a form with a button that can be POSTed to perform the
> > actual act of joining or leaving the list.
> >
> > An alternative is to include a small form in the email message so
> > the user can POST it directly with a single click.
> >
> > For more info on this distinction between GET vs POST, see:
> >
> > Forms: GET and POST
> > http://www.w3.org/Provider/Style/Input
>
> I see their point but I think that it's overstated. As long as
> submitting additional GETs doesn't disturb the state of your
> application, I don't believe there's much harm in using GET
> requests this way.
One possible scenario in which harm can result from misusing GETs is:
suppose I have my client/OS configured to prefetch any URLs it sees
so I can read my mail and follow links into my local cache while
taking a train to work.
If one of the messages in my inbox says "click here to unsubscribe"
and it's done with a regular hypertext link (a GET), my prefetching
client will get cause me to be unsubscribed from the list, not at
all what was intended.
> Including a small form in the mail itself is a good idea as long
> as all the clicky clicky clients can handle it. I suspect a lot
> of them are only prepared to deal with A HREF.
I don't think there can be many existing clients in this situation.
I remember there were still a few browsers in use in 1994 that didn't
understand forms, but that's 6 years ago, forever in web years.
--
Gerald Oskoboiny <[EMAIL PROTECTED]>
http://impressive.net/people/gerald/
