On 6/19/07, Stefan Tilkov <[EMAIL PROTECTED]> wrote: > On Jun 19, 2007, at 10:08 AM, Marc de Graauw wrote: > > > Stefan Tilkov: > > > > | > So I'm assuming there is no issue with > > | > outlawing PUT (within a system) on new resources and just > > | using POST? > > | > > | PUT is nice because it's [supposed to be] idempotent. POST is not. > > | This means that a client is allowed (within REST's constraints) to > > | retry a PUT if it hasn't received a response. > > > > Right, but POST isn't necessarily non-idempotent: it may be > > idempotent or > > not. > > > > You are right, I should have written "PUT is defined to be idempotent > (by the spec), POST is not - which means POST can or cannot be > idempotent". Seems a little like splitting hairs, but OK.
Not quite. POST is defined to be non-idempotent, i.e. if you see an HTTP message with a POST request method, then that message is a non-idempotent message. What any particular receiving implementation *does* with such a message - idempotent or not - is an entirely separate issue. FWIW, this is the same reasoning that answers the question "Isn't logging a GET request unsafe?" Mark.
