[Mailman-Developers] Re: [Mailman-Users] [ANNOUNCE] Mailman 2.1 alpha 2
Fri, 13 Jul 2001 16:43:59 -0400
On Fri, Jul 13, 2001 at 04:15:20PM -0400, Barry A. Warsaw wrote:
> This the official announcement for Mailman 2.1 alpha 2. [...]
> To view the on-line documentation, see
> 2.1 alpha 2 (11-Jul-2001)
[ lots of extremely cool stuff deleted ]
> o Subscription confirmations can now be performed via email or
> via URL. When a subscription is received, a unique (sha)
> confirm URL is generated in the confirmation message.
> Simply visiting this URL completes the subscription process.
This violates the HTTP protocol: visiting a URL (i.e., an HTTP GET)
should not have side effects like confirming a subscription.
A few months ago I sent mail to mailman-developers with a suggestion for
how to implement this in a compliant way without hindering usability:
I realize that a number of other sites misuse GET this way, but I
think most of the large ones (e.g., Yahoo, online brokerages and
banks, etc.) get it right, and I think Mailman should too.
Further reading on GET vs POST:
Forms: GET and POST
Axioms of Web architecture: Identity, State and GET
HTTP 1.1 section 9.1: Safe and Idempotent Methods
HTML 4.01 section 17.13: Form submission
Gerald Oskoboiny <email@example.com>