On May 7, 2005, at 01:55, Ian Bicking wrote:
I was just thinking about the recent problems introduced by the Google Web Accelerator following links that have side effects (the typical <a href="form?delete=10">[delete this]</a> stuff).
Links like that are objectively wrong according to RFC 2616 (HTTP 1.1). Google is free to follow those links without being responsible for the side effects.
One of the issues is that doing the Right Thing means creating a form, and that effects the UI,
There'd be a design bug somewhere if the UI wasn't affected! When something looks like a link to, the user has a good reason to expect that following the link causes a safe retrieval operation. When something looks like a button, the user has a reason to understand that pressing the button may cause an unsafe operation.
One might expect <a href="form?delete=10" method="POST">[delete this]</a> to do a post request to "form" with a request body of "delete=10".
-1. Makes the safety of links non-obvious to users.
can be implemented in Javascript fairly easy.
But shouldn't.
The Google Web Accelerator will still be broken
It is not broken! The server-side apps that use GET for non-safe, non-idempotent operation are broken.
-- Henri Sivonen [EMAIL PROTECTED] http://hsivonen.iki.fi/
