[wp-hackers] POST vs. THE WORLD
m at mullenweg.com
Sat Apr 22 21:13:32 GMT 2006
Elliotte Harold wrote:
> This is not a little part of the HTTP standard. It is a major part of
> the foundation. Throwing away the side-effect free nature of GET is like
> throwing away natural selection in biology. It's that critical.
Most apps on the web break this, and they seem to be doing fine. As are we.
> It's not simply a question of security. There are other bugs and
> problems waiting to bite. Caches, load balancers, web accelerators, and
> more all depend on the side-effect free nature of GET.
No they don't. When they don't recognize how GET is used outside of
ivory towers, there has been a huge outcry and they've been fixed, as
with the Google Web Accelerator.
> Oh, one more thing: there is one major development barreling down the
> road getting ready to smack WordPress's current architecture upside the
> head. Within a year, APP is going to be a sine qua non for blog
> publishing; and that's totally dependent on a proper implementation of
> GET, POST, PUT, and DELETE.
Something I think will hinder its adoption, if it remains so enamored
with HTTP verbs. There was recently a discussion about relaxing the
restrictions to allow most APP functionality through POST, though I
didn't follow where that ended up.
(Tangent.) There has been a disturbing disconnect the past year or so
between the real world and people writing standards and languages.
Trading convenience and backward compatibility for academic perfection
is the reason things like PHP5 and XHTML 1.1 have been abject failures
in the marketplace. (Single-digit adoption rates.)
> The more right WordPress gets with HTTP now
> the easier it's going to be to support APP in the near future.
I don't see any connection.
BTW, it has already been demonstrated that switching everything to POST
would not solve the problem as completely as secure nonces would as you
can still cross-domain submit forms. Therefore it would be a lot of work
that would, at best, please a few pedants and bring us into SHOULD
compliance with a 7+ year old standard no one else supports either.
http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
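
An added example, not part of the original message and not WordPress code: the closing point that POST alone does not stop a cross-domain form submission while a nonce does, sketched as an HMAC nonce bound to user, action and time window. The function names, secret, tick length and request arrays are assumptions constructed for illustration.

```php
<?php
// Added illustration; names, secret and lifetime are assumptions, not WordPress code.
const NONCE_SECRET = 'constructed-demo-secret'; // in practice: random, per-site, server-side only
const NONCE_TICK   = 43200;                     // seconds per tick; a nonce lives 1 to 2 ticks

// Bind the token to the user, the exact action and a coarse time window.
function make_nonce(int $userId, string $action, ?int $now = null): string {
    $tick = intdiv($now ?? time(), NONCE_TICK);
    return substr(hash_hmac('sha256', "$tick|$userId|$action", NONCE_SECRET), 0, 20);
}

function check_nonce(string $nonce, int $userId, string $action, ?int $now = null): bool {
    $now = $now ?? time();
    // Accept the current and previous tick so a form does not expire at a tick boundary.
    foreach ([0, 1] as $age) {
        $expected = make_nonce($userId, $action, $now - $age * NONCE_TICK);
        if (hash_equals($expected, $nonce)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Handler for a state-changing action. $req is a constructed request array.
function handle_delete(array $req, int $sessionUserId): string {
    // Check 1: method only. A form on another origin that submits by POST passes this.
    if ($req['method'] !== 'POST') {
        return 'rejected: method';
    }
    // Check 2: nonce. Another origin cannot read the admin page that carries it.
    $nonce  = $req['nonce'] ?? '';
    $action = 'delete-post_' . (int) $req['post_id'];
    if (!is_string($nonce) || !check_nonce($nonce, $sessionUserId, $action)) {
        return 'rejected: nonce';
    }
    return 'deleted ' . (int) $req['post_id'];
}

$uid    = 7; // constructed session user
$legit  = ['method' => 'POST', 'post_id' => 42, 'nonce' => make_nonce($uid, 'delete-post_42')];
$cross  = ['method' => 'POST', 'post_id' => 42]; // cross-domain form: cookie sent, no nonce
$reused = ['method' => 'POST', 'post_id' => 43, 'nonce' => $legit['nonce']]; // nonce for another post

foreach ([$legit, $cross, $reused] as $req) {
    echo handle_delete($req, $uid), "\n";
}
```

The second and third requests pass the method check and fail only at the nonce check, which is the gap a POST-only change leaves open.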