[wp-hackers] Forum Help

Mike Little journalized at gmail.com
Sun May 15 09:26:30 GMT 2005


On 15/05/05, Matthew Thomas <mpt at myrealbox.com> wrote:
> Denis de Bernardy wrote:
> >
> >>Google Web Accelerator?
> >
> > Given the problems related to the tool, wouldn't it be a good thing to
> > disable it by default on all wordpress blogs in 1.5.1++?
> >...
> 
> WordPress advertises "Full web standards compliance" as one of its
> features <http://wordpress.org/>. But if WordPress has problems with
> Google Web Accelerator, it is because WordPress is not in compliance
> with the HTTP 1.1 standard
> <http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1>.
> 
> (In particular, WordPress is non-compliant for allowing GET requests to
> delete posts, comments, or pages, to select themes, or to activate
> plug-ins.)
> 
 
Matthew
without wanting to get into a full blown discussion going over old old
ground on this subject, you need to understand that the wording of
IETF RFCs is very specific about 'must' and 'should', etc. Regardless
of how anyone else might interpret these words in any other context.
RFC 2119 has the full details: http://www.faqs.org/rfcs/rfc2119.html

In particular the section of rfc2616 you quote says "GET and HEAD
methods SHOULD NOT ..." Rfc2119 states

4. SHOULD NOT   This phrase, or the phrase "NOT RECOMMENDED" mean that
   there may exist valid reasons in particular circumstances when the
   particular behavior is acceptable or even useful, but the full
   implications should be understood and the case carefully weighed
   before implementing any behavior described with this label.

So, WordPress, along with millions of other web applications (think
web counters), has GET requests which change the state of the server.

Mike
-- 
Mike Little
http://zed1.com/journalized/


More information about the wp-hackers mailing list