
Article: Kicking out the Cuckoo
Subject: Does the Web go beyond serving browser clients?
Date: 2002-04-27 20:48:43
From: Mark Baker
Response to: Does the Web go beyond serving browser clients?

"But is this type of HTTP abuse really "harmful" to the operation of the Internet?"


Not to the Internet, but it is harmful to the Web, because POST can't be trusted to mean POST. With POST, the server gets to decide the function that is performed, not the client. That's why it gets through firewalls. Putting a method name in the POST body changes that.


Think of it like drag-and-drop. When you drop a file on the trash folder, you don't also have to specify the method to be invoked.


"(Most CGI scripts are guilty of the same abuse of HTTP POST application semantics.)"


No, they're not, actually. The vast majority just accept content POSTed to them from a form, which almost always uses POST to mean POST.


BTW, to respond to your subject line, yes, the Web goes beyond browsers. It's for any HTTP client. Google isn't a browser, is it?


MB
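
Added example, not part of the post above: a sketch of why a filter that looks only at the HTTP method and URI cannot tell tunneled operations apart, and what a body-aware check has to do instead. The XML-RPC-style body, the `/endpoint` path, the operation names and the allowlist are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

def make_request(content_type, body):
    # Constructed sample request; host and path are placeholders.
    return ("POST /endpoint HTTP/1.1\r\nHost: example.test\r\n"
            f"Content-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")

def rpc_body(method_name):
    return f"<methodCall><methodName>{method_name}</methodName><params/></methodCall>"

def parse(raw):
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def http_layer_view(raw):
    """What a filter keyed only on HTTP method and URI can see."""
    method, path, _headers, _body = parse(raw)
    return method, path

def tunneled_method(raw):
    """Operation named inside the body, or None for an ordinary POST."""
    _method, _path, headers, body = parse(raw)
    if "xml" not in headers.get("content-type", ""):
        return None
    try:
        # Use a hardened XML parser for untrusted traffic in production.
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    return root.findtext("methodName") if root.tag == "methodCall" else None

ALLOWED_OPERATIONS = {"inventory.list"}  # hypothetical allowlist

def body_aware_decision(raw):
    name = tunneled_method(raw)
    if name is None:
        return "allow"  # plain POST: the resource decides what happens
    return "allow" if name in ALLOWED_OPERATIONS else "deny"

READ = make_request("text/xml", rpc_body("inventory.list"))
DELETE = make_request("text/xml", rpc_body("inventory.deleteAll"))
FORM = make_request("application/x-www-form-urlencoded", "item=book&qty=1")
```

`READ` and `DELETE` are identical at the HTTP layer, so any policy that distinguishes them has to parse the body, which is the extra trust decision the post describes.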



