Ian Bicking: the old part of his blog

Gwa and rfc 2616 comment 000

In the example you give, why not use a two-stage delete? The anchor "delete this address" would take the user agent to a confirmation that yes, indeedy, they'd love to delete the address. Then the actual deletion would be a POST, since the form has trouble with its being a DELETE.

I don't want to do that because sometimes deletes aren't that big a deal. Maybe they are undoable. Maybe it's assumed that lots of deletes happen. It's a UI concern, and sometimes it's appropriate to allow quick actions. It would be totally backwards to have HTTP methods driving the UI decisions like that.

With regard to the reading of mail, "reading" is a kind of GET. How do you tell the difference between a real person and a robot before you change the state?

You put it behind authentication where robots can't get to. Until Google uses users as their Trojan horse to get their robot claws on all the data hidden behind actions it can't take (because of robots.txt, POST forms, authentication, etc). Not that they are necessarily so sinister... but it's not impossible that they do intend to use GWA users as a way to find data they can't find on their own.

Comment on Re: Gwa and rfc 2616 comment 000
by Ian Bicking

Comments:

Delete causes data loss, and thus is always a big deal. Think about how you use the trash can in your kitchen (or rm, if you prefer). Tossing something is an intentional act. Accidentally tossed the $50 Amazon gift certificate in the bin with the junk mail? You might want to retrieve that. If your trash can is an incinerator, you look twice at everything you toss in, or throw a whole bin's worth once a week. Maybe the action is undoable, and maybe it does need to be quick, but neither requires using a GET.

In the mail example, consider non-web mail user agents. They copy the messages from the server to your desk, but have you read those messages? No. Why should the caching of mail by your HTTP user agent indicate that the mail has been read?

# Will Cox
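
An added example, not code from the post or its comments: a small WSGI app showing a one-click, undoable delete that is only reachable by POST, so a link-following robot or prefetcher that issues GET changes nothing. The routes, sample addresses and the `request` helper are assumptions made for the illustration.

```python
import html
from wsgiref.util import setup_testing_defaults

ADDRESSES = {1: "alice@example.org", 2: "bob@example.org"}  # constructed data
TRASH = {}  # soft-deleted rows, kept so a delete can be undone

def app(environ, start_response):
    method = environ["REQUEST_METHOD"]
    parts = environ["PATH_INFO"].strip("/").split("/")
    if len(parts) == 3 and parts[0] == "address" and parts[2] in ("delete", "undelete"):
        if method != "POST":
            # A crawler or prefetcher following links only sends GET: refuse.
            start_response("405 Method Not Allowed", [("Allow", "POST")])
            return [b""]
        # CSRF token check omitted to keep the example on the GET/POST point.
        src, dst = (ADDRESSES, TRASH) if parts[2] == "delete" else (TRASH, ADDRESSES)
        key = int(parts[1]) if parts[1].isdigit() else None
        if key not in src:
            start_response("404 Not Found", [])
            return [b""]
        dst[key] = src.pop(key)  # move the row, never destroy it
        start_response("303 See Other", [("Location", "/addresses")])
        return [b""]
    if method == "GET" and parts == ["addresses"]:
        # The quick action is a one-button form, not an anchor.
        rows = "".join(
            f'<li>{html.escape(addr)} <form method="post" '
            f'action="/address/{k}/delete"><button>delete</button></form></li>'
            for k, addr in sorted(ADDRESSES.items()))
        start_response("200 OK", [("Content-Type", "text/html")])
        return [f"<ul>{rows}</ul>".encode()]
    start_response("404 Not Found", [])
    return [b""]

def request(method, path):
    """Drive the app in-process; return (status line, body text)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    seen = []
    body = b"".join(app(environ, lambda status, headers: seen.append(status)))
    return seen[0], body.decode()
```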
