[Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2
Gerald Oskoboiny
gerald@impressive.net
Fri, 13 Jul 2001 16:43:59 -0400
On Fri, Jul 13, 2001 at 04:15:20PM -0400, Barry A. Warsaw wrote:
>
> This the official announcement for Mailman 2.1 alpha 2. [...]
> To view the on-line documentation, see
>
> http://www.list.org/MM21/index.html
> 2.1 alpha 2 (11-Jul-2001)
[ lots of extremely cool stuff deleted ]
> o Subscription confirmations can now be performed via email or
> via URL. When a subscription is received, a unique (sha)
> confirm URL is generated in the confirmation message.
> Simply visiting this URL completes the subscription process.
This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET)
should not have side effects like confirming a subscription.
A few months ago I sent mail to mailman-developers with a suggestion for
how to implement this in a compliant way without hindering usability:
http://mail.python.org/pipermail/mailman-developers/2001-January/003579.html
mid:20010103022646.A31881@impressive.net
I realize that a number of other sites misuse GET this way, but I
think most of the large ones (e.g., Yahoo, online brokerages and
banks, etc.) get it right, and I think Mailman should too.
Further reading on GET vs POST:
Forms: GET and POST
http://www.w3.org/Provider/Style/Input
Axioms of Web architecture: Identity, State and GET
http://www.w3.org/DesignIssues/Axioms#state
HTTP 1.1 section 9.1: Safe and Idempotent Methods
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
HTML 4.01 section 17.13: Form submission
http://www.w3.org/TR/html4/interact/forms.html#h-17.13
--
Gerald Oskoboiny <gerald@impressive.net>
http://impressive.net/people/gerald/