canvas 2d context
Encrypted Media Extensions
HTML 5 spec
HTML 5: The Markup Language
HTML WG website
HTML5 differences from HTML4
HTML5 Spec - PR Blockers
Media Source Extensions
pre-LC1 alt techniques
pre-LC1 authoring guide
pre-LC1 HTML 5 spec
Erika Doyle Navara
Philippe Le Hégaret
Joshue O Connor
"18.104.22.168. Hyperlink auditing" states:
"For URIs that are HTTP URIs, the requests must be performed using the POST method (with an empty entity body in the request)."
This seems to be the wrong approach, as POST is an unsafe method, about which RFC2616 (HTTP/1.1) states:
"9.1.1 Safe Methods
Implementors should be aware that the software represents the user in
their interactions over the Internet, and should be careful to allow
the user to be aware of any actions they might take which may have an
unexpected significance to themselves or others.
In particular, the convention has been established that the GET and
HEAD methods SHOULD NOT have the significance of taking an action
other than retrieval. These methods ought to be considered "safe".
This allows user agents to represent other methods, such as POST, PUT
and DELETE, in a special way, so that the user is made aware of the
fact that a possibly unsafe action is being requested.
Naturally, it is not possible to ensure that the server does not
generate side-effects as a result of performing a GET request; in
fact, some dynamic resources consider that a feature. The important
distinction here is that the user did not request the side-effects,
so therefore cannot be held accountable for them."
Emphasis on: "The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them."
A user who follows a link clearly does not request any side-effects, so using POST here seems to be in conflict with RCF2616.
Proposal: use GET or HEAD instead.
Add notes (no markup allowed, URIs get automatically hyperlinked):
Related mailing list thread starts with <http://lists.w3.org/Archives/Public/public-html/2007Oct/0337.html>.
According to <http://lists.w3.org/Archives/Public/public-html/2007Oct/0344.html>, the rational for using POST actually was that following the link is considered an unsafe operation, because it may result in money being exchanged -- for instance because the link being followed was an advertisement.
Julian says we have made no new progress on this.
MikeSmith to take this to group for resolution
see also ISSUE-2 re requirement for ping
demoting unscheduled issues to RAISED as discussed in http://lists.w3.org/Archives/Public/public-html-wg-issue-tracking/2008Aug/0005.html
Moved to Open based on submitted Change Proposal.
Spec changes have now been made. Closed by consensus to adopt a Change Proposal.