[Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations)

[Gerald Oskoboiny]

On Wed, Jul 18, 2001 at 04:01:37PM -0400, Jay R. Ashworth wrote:
> On Wed, Jul 18, 2001 at 12:51:28PM -0700, Chuq Von Rospach wrote:
> > On 7/18/01 12:32 PM, "Jay R. Ashworth" <jra@baylink.com> wrote:
> > > Alas, this is *just like* making the GET active, only worse.
> > 
> > How? I'm confused. Either way, you end up at a page with the confirmation
> > information and an "accept" button (or use whatever terminology you want).
> > 
> > If you think that's wrong, what do you think would work? I'm lost where
> > you're headed here.
> 
> The two suggested approaches were, as I understood them, a URL embedded
> in the mail with a GET that was active and actually *did* the
> unsibscribe, and a URL embedded in the mail with a "pseudo-GET"; that
> is, there is no "?", but the URL is *still* magic, and performs the
> action when the URL is retrieved.
> 
> If I correctly understood your latter suggestion, then that's even
> worse, because 'scoopers' can't even avoid it -- it's not marked as
> 'magic' by the "?" character in the URL.

URLs are not 'magic' just because they have a "?" character in
them; prefetchers can fetch URLs whether or not they have "?"s.
Those URLs could point to news articles or messages in mail archives
or something just as well as anything else.

The way to make a distinction between HTTP requests that have
side effects and those that don't is to use the request method
(get, post, etc); this is what the spec says, and this is what is
implemented in popular sites, HTTP proxies, caches and user agents.

-- 
Gerald Oskoboiny <gerald@impressive.net>
http://impressive.net/people/gerald/