Re: PaceServiceError GET vs. POST (was Re: AtomPubIssuesList)

[Graham <dtcd@xxxxxxx>]

On 22 Jun 2004, at 5:42 pm, Robert Sayre wrote:

> There are lots of reasons to use a GET. The main one is that the 
> request to the ErrorURI should be considered safe by the client:
>
> "Naturally, it is not possible to ensure that the server does not 
> generate side-effects as a result of performing a GET request; in 
> fact, some dynamic resources consider that a feature. The important 
> distinction here is that the user did not request the side-effects, so 
> therefore cannot be held accountable for them." [1]
>
> There is no message body in the request, and requests to the ErrorURI 
> are not intended to alter any resource on the server.

It most certainly is not safe. Say, for whatever reason, someone's 
ErrorURI ends up in Google's spider. The spider never sends a POST, but 
will happily GET a resource a million times. Thus every time Google 
spiders that ErrorURI, that person starts running around looking for an 
error. POST is what you're looking for.

Graham

Attachment: smime.p7s
Description: S/MIME cryptographic signature