[wp-hackers] POST vs. THE WORLD

Matt Mullenweg m at mullenweg.com
Sat Apr 22 21:13:32 GMT 2006


Elliotte Harold wrote:
> This is not a little part of the HTTP standard. It is a major part of 
> the foundation. Throwing away the side-effect free nature of GET is like 
> throwing away natural selection in biology. It's that critical.

Most apps on the web break this, and they seem to be doing fine. As are we.

> It's not simply a question of security. There are other bugs and 
> problems waiting to bite. Caches, load balancers, web accelerators, and 
> more all depend on the side-effect free nature of GET.

No they don't. When they don't recognize how GET is used outside of 
ivory towers, there has been a huge outcry and they've been fixed, as 
with the Google Web Accelerator.

> Oh, one more thing: there is one major development barreling down the 
> road getting ready to smack WordPress's current architecture upside the 
> head. Within a year, APP is going to be a sine qua non for blog 
> publishing; and that's totally dependent on a proper implementation of 
> GET, POST, PUT, and DELETE.

Something I think will hinder its adoption, if it remains so enamored 
with HTTP verbs. There was recently a discussion about relaxing the 
restrictions to allow most APP functionality through POST, though I 
didn't follow where that ended up.

(Tangent.) There has been a disturbing disconnect the past year or so 
between the real world and people writing standards and languages. 
Trading convenience and backward compatibility for academic perfection 
is the reason things like PHP5 and XHTML 1.1 have been abject failures 
in the marketplace. (Single-digit adoption rates.)

> The more right WordPress gets with HTTP now 
> the easier it's going to be to support APP in the near future.

I don't see any connection.

BTW, it has already been demonstrated that switching everything to POST 
would not solve the problem as completely as secure nonces would, as you 
can still cross-domain submit forms. Therefore it would be a lot of work 
that would, at best, please a few pedants and bring us into SHOULD 
compliance with a 7+ year old standard no one else supports either.

-- 
Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
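
The point in the last paragraph of the message, that a POST-only rule still accepts a form submitted from another domain while a nonce check does not, shown as an added example. It is not part of the original message and is not WordPress's code; the function names, the `delete-post_<id>` action string, the secret and the 12-hour window are assumptions made for the illustration.

```php
<?php
// Added illustration, not WordPress code; every name and value here is hypothetical.
const NONCE_WINDOW = 43200; // assumed validity window, in seconds

// Nonce = HMAC over (time window, logged-in user, exact action), keyed by a server secret.
function make_nonce(string $secret, int $userId, string $action, ?int $now = null): string
{
    $tick = intdiv($now ?? time(), NONCE_WINDOW);
    return hash_hmac('sha256', "$tick|$userId|$action", $secret);
}

// Accept the current and the previous window so a form rendered before rollover still works.
function verify_nonce(string $secret, int $userId, string $action, string $nonce, ?int $now = null): bool
{
    $now = $now ?? time();
    foreach ([0, 1] as $age) {
        $expected = make_nonce($secret, $userId, $action, $now - $age * NONCE_WINDOW);
        if (hash_equals($expected, $nonce)) {
            return true;
        }
    }
    return false;
}

// Handler that trusts the HTTP method alone.
function delete_method_only(string $method, array $p): string
{
    return $method === 'POST' ? 'deleted ' . (int) $p['post_id'] : 'rejected';
}

// Handler that also requires a nonce tied to the session user and this exact post.
function delete_with_nonce(string $secret, int $sessionUser, string $method, array $p): string
{
    $id = (int) ($p['post_id'] ?? 0);
    $ok = $method === 'POST'
        && verify_nonce($secret, $sessionUser, "delete-post_$id", (string) ($p['nonce'] ?? ''));
    return $ok ? "deleted $id" : 'rejected';
}

// Constructed sample requests, all arriving with the logged-in user's session (user 7).
$secret   = 'constructed-demo-secret';
$own      = ['post_id' => '42', 'nonce' => make_nonce($secret, 7, 'delete-post_42')];
$foreign  = ['post_id' => '42'];                           // cross-domain form: no nonce
$replayed = ['post_id' => '43', 'nonce' => $own['nonce']]; // nonce minted for another post

echo 'method only, foreign form: ', delete_method_only('POST', $foreign), "\n";
echo 'nonce, foreign form:       ', delete_with_nonce($secret, 7, 'POST', $foreign), "\n";
echo 'nonce, own admin form:     ', delete_with_nonce($secret, 7, 'POST', $own), "\n";
echo 'nonce, wrong-post nonce:   ', delete_with_nonce($secret, 7, 'POST', $replayed), "\n";
```

Because the nonce is derived from the session user and the exact action, a page on another domain has no way to supply a valid value, and a nonce issued for one post is useless for another.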

