On Tue, 17 Jul 2001, Barry A. Warsaw wrote:
If state changing GETs break the standards, then why does e.g. Apache by default allow you to GET a cgi program?
A CGI program that has no side-effects and simply dynamically generates content wouldn't be a violation.
Wouldn't it therefore make sense for Apache to in general disallow GETs to programs by default, with some enabling technique to allow specific state-neutral programs to be GETted?
No, not to me, anyway.
I'll also mention that it seems to me that strict adherence to this rule would be pretty harmful to a platform like Zope, where urls are really encoded object access and execution commands (like RPC via urls).
Sounds like a bad choice.
ROGER B.A. KLORESE rogerk@QueerNet.ORG PO Box 14309 San Francisco, CA 94114 "Go without hate. But not without rage. Heal the world." -- Paul Monette