[Mailman-Users] GET vs POST (was Re: subscription confirmations)

Barry A. Warsaw barry at digicool.com
Tue Jul 17 06:16:06 CEST 2001

I have a couple of questions and comments, and then I /really/ need to
get some sleep, so I'll follow up with more tomorrow.

If state changing GETs break the standards, then why does e.g. Apache
by default allow you to GET a cgi program?  Apache is the most common
web server (certainly on Mailman-friendly OSes) so I would think that
it should adhere to the specs pretty closely.

Aren't the majority of cgi programs of a state-changing nature?  Sure,
you've got your odd search interface, but even a script like Mailman's
private.py changes state: you get authenticated and a cookie gets
dropped, and now your interactions are governed by a change in state.

Wouldn't it therefore make sense for Apache to in general disallow
GETs to programs by default, with some enabling technique to allow
specific state-neutral programs to be GETted?

I'll also mention that it seems to me that strict adherence to this
rule would be pretty harmful to a platform like Zope, where urls are
really encoded object access and execution commands (like RPC via

sleepi-ly y'rs,

More information about the Mailman-Users mailing list