[Mailman-Users] GET vs POST (was Re: subscription confirmations)
Barry A. Warsaw
barry at digicool.com
Tue Jul 17 06:16:06 CEST 2001
I have a couple of questions and comments, and then I /really/ need to
get some sleep, so I'll follow up with more tomorrow.
If state changing GETs break the standards, then why does e.g. Apache
by default allow you to GET a cgi program? Apache is the most common
web server (certainly on Mailman-friendly OSes) so I would think that
it should adhere to the specs pretty closely.
Aren't the majority of cgi programs of a state-changing nature? Sure,
you've got your odd search interface, but even a script like Mailman's
private.py changes state: you get authenticated and a cookie gets
dropped, and now your interactions are governed by a change in state.
Wouldn't it therefore make sense for Apache to in general disallow
GETs to programs by default, with some enabling technique to allow
specific state-neutral programs to be GETted?
I'll also mention that it seems to me that strict adherence to this
rule would be pretty harmful to a platform like Zope, where urls are
really encoded object access and execution commands (like RPC via
More information about the Mailman-Users