XML-RPC and http
Tue, 7 Aug 2001 07:19:27 -0400 (EDT)
> In the examples of Blogger and iVillage you gave earlier you
> claimed the issue was that they used POST to log in.
Look again. Blogger uses POST for every form on the HP, idempotent or
> POST *is* the correct method to use for log in! Logging in is a
> side-effect, no?
http is stateless, so logging in produces no side effect. Saying "Show
me the present state of my in-box" is no more a side effect than
saying "Show me the present state of a stock price."
The reason MSFT, to take but one example, uses GET for stock quotes
but POST for a Hotmail login has nothing do do with side effects and
everything to do with POST not showing the passwd in the query
> I agree, it is not enforced by the HTTP implementation (i.e.
> your web browser will still work if someone uses POST instead of
Yep, a usage you yourself defend (except, for some reason, when its
used by XML-RPC.)
> ... but as I've mentioned several times before its enforced by
> Google, bookmarking, linking, caching, etc. -- all those good things
> which are built upon the foundation of URIs.
Nope. The semantics of *GET* are enforced by things like bookmarking
and linking. The semantics of POST are not enforced by anything. This
leaves us with the situation we have today, where POST is a general
> Aha, even your New York webmasters know when to use GET!
Sure, they know when to use GET -- only when POST can't be used as the
default. They use POST as a general purpose tool for getting data to
the server. Just like XML-RPC does.
> Great! The browser itself is enforcing the restrictions of the
> RFC. What's the big deal?
No its not. The browser does nothing to make the use of POST
contingent on producing side effects.
> I'm not even sure what you mean here. People use GET when they
> want folks to bookmark pages and send them to their friends;
> Google, a web archiving tool, etc.) to make unsuspecting users
> automagically do an action (like buy a book on Amazon).
Did you even read what I wrote? Not one person made the distinction
you make here. They use POST as the default tool for getting data to
> Your NYC web designers have made this choice easier: default to
> POST, use GET when folks need to bookmark it. In doing so, they make
> the right choices.
So again: what's wrong with XML-RPC defaulting to POST?