Hi,
I just signed up for a FriendFeed account and when I clicked on the
link to verify my email address it automatically confirmed my account.
Instead of confirming the account immediately you should display a
short web form that the user must POST to confirm; using HTTP GET for
this violates the HTTP and HTML standards.
Further reading on GET vs POST:
URIs, Addressability, and the use of HTTP GET and POST
http://www.w3.org/2001/tag/doc/whenToUseGet.html
Forms: GET and POST
http://www.w3.org/Provider/Style/Input
Axioms of Web architecture: Identity, State and GET
http://www.w3.org/DesignIssues/Axioms#state
HTTP 1.1 section 9.1: Safe and Idempotent Methods
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
HTML 4.01 section 17.13: Form submission
http://www.w3.org/TR/html4/interact/forms.html#h-17.13
thanks!
