Read-Write Web
Author(s) and publish date
- By:
-
-
Yves Lafon
-
- Published:
HTTP is mostly used in two ways, to read or to send data to a resource, that translates into two HTTP verbs: GET and POST. But those are not the sole ones, and one is used to edit documents: PUT.
There are multiple ways to edit documents, and amongst the most popular, we can find Wikis and Weblogs, both using POST to send data (be it an intermediate-level description language like in Wikis, or just plain content, ready to be formatted server-side, like in Weblogs). But one of the oldest one, is via graphical editors using the PUT method.
Of course the developement of tools, like browsers or servers has been done without edition in mind. This leads to several issues for editing clients, but also for servers.
One of the example is the use of "Directory Indexes". Most people like clean URIs, like http://www.example.com/ instead of http://www.example.com/index.php plus hiding the 'php' part in the previous example hides the technology in use and enhance a bit security. But it has a drawback: Suppose you started to edit http://www.example.com/ and you want to save it. Where will it go? If there is only one possibility, the server may decide for you, but if someone added index.html or Overview.php, there is no way to edit the "right" resource, unless you have another piece of information.
In HTTP, there are lots of headers, those headers can provide information on the entity, the request or response, or at the connection level. One of them, used to give additional information on the entity served is 'Content-Location'. Its purpose is to identify the real URI of the entity served. In the example above, doing a GET on http://www.example.com/ would result in having Content-Location: http://www.example.com/index.html sent back, giving the hint to the editing software that the PUT has to be done at this specific URI, to avoid any ambiguity.
Of course, it could reveal that you are using a specific technology to serve pages, but there are other ways to hide that than just not sending the right information. If you use dynamic content, and hence make it impossible for an editor to use PUT-based tools, then the server can send another information about the resource served, by sending an 'Allow' header.
Blogs and Wikis only edit parts of pages, so i think a POST is acceptable.
That was the rationale for the Atom Publishing Protocol people i think. You POST a new blog entry to an existing feed, instead of PUTing it into a directory.