In particular, the convention has been established that the GET and HEAD methods
SHOULD NOT have the significance of taking an action other than retrieval. These
methods ought to be considered "safe". This allows user agents to represent other
methods, such as POST, PUT and DELETE, in a special way, so that the user is made
aware of the fact that a possibly unsafe action is being requested.

Naturally, it is not possible to ensure that the server does not generate side-effects as a
result of performing a GET request; in fact, some dynamic resources consider that a
feature. The important distinction here is that the user did not request the side-effects,
so therefore cannot be held accountable for them.

Unfortunately for the safety of the World Wide Web, this section of the specification
is both widely ignored and inaccurate in its implication that the POST method, which
powers web browser actions such as file uploads and form submissions, represents the
desire of a user instead of an automatic action taken on their behalf.

Although recent advances in AJAX have greatly broadened the format in which data
is uploaded to a web site using an HTTP POST method, by far the most common structure
for HTTP requests that change state on the application is the HTML form.
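
One way a server can hold itself to the GET/HEAD convention quoted above, as an added example that is not code from the original text: a WSGI wrapper that refuses safe methods on state-changing paths. The path `/account/delete`, the `Accounts` app and the helper names are hypothetical; the gate enforces only the method convention and, as the text notes, an accepted POST is still no proof of user intent.

```python
from wsgiref.util import setup_testing_defaults

def enforce_safe_methods(app, state_changing):
    """Wrap a WSGI app so GET/HEAD never reach state-changing handlers.

    state_changing maps a path to the unsafe methods it accepts,
    e.g. {"/account/delete": {"POST"}} (hypothetical path).
    """
    def middleware(environ, start_response):
        method = environ["REQUEST_METHOD"].upper()
        allowed = state_changing.get(environ.get("PATH_INFO", ""))
        if allowed is not None and method not in allowed:
            # A 405 response lists the accepted methods in an Allow header.
            start_response("405 Method Not Allowed",
                           [("Allow", ", ".join(sorted(allowed))),
                            ("Content-Type", "text/plain")])
            return [b"" if method == "HEAD" else b"method not allowed\n"]
        return app(environ, start_response)
    return middleware

class Accounts:
    """Constructed backend that ignores the method, as many real handlers do."""
    def __init__(self):
        self.deleted = 0
    def __call__(self, environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        if environ["PATH_INFO"] == "/account/delete":
            self.deleted += 1          # the side effect
            return [b"deleted\n"]
        return [b"account page\n"]

def call(app, method, path):
    """Drive a WSGI app once; return (status, headers dict, body bytes)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REQUEST_METHOD"], environ["PATH_INFO"] = method, path
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body

if __name__ == "__main__":
    backend = Accounts()
    app = enforce_safe_methods(backend, {"/account/delete": {"POST"}})
    for method in ("GET", "HEAD", "POST"):
        print(method, call(app, method, "/account/delete")[0], backend.deleted)
```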