Re: GET and referer security considerations

Patrick McManus (mcmanus@appliedtheory.com)
Thu, 3 Jul 1997 09:16:18 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Graham Klyne: "Re: draft-ietf-http-negotiation-02.txt"
Previous message: Graham Klyne: "Re: HTTP/1.1 & Proxies"
In reply to: David W. Morris: "Re: GET and referer security considerations"
Next in thread: David W. Morris: "Re: GET and referer security considerations"
Reply: David W. Morris: "Re: GET and referer security considerations"

In a previous episode David W. Morris said...

:: On Wed, 2 Jul 1997, Andrew Daviel wrote:
:: 
:: > 
:: > I think the convention is to use POST for submitting information and GET
:: > for queries (like search engines). POST results may not be cached; so
[...]

:: 
:: This is another example of a broken relationship between the history
:: list and caching. I don't know if your example is a POST but there is
:: a possiblity that what you are seeing from the server has an 
:: exception HTTP status (not 200, etc.) which the browsers refuse
:: to leave alone in the history list but insist in resubmitting each
:: time.

David is correct here of course.. but this does bring the
safe-post/get-w-body/safe-uahint questions back to the table.

what's the status of draft-ietf-http-uahint-00.txt with respect to
2068?

-P

Next message: Graham Klyne: "Re: draft-ietf-http-negotiation-02.txt"
Previous message: Graham Klyne: "Re: HTTP/1.1 & Proxies"
In reply to: David W. Morris: "Re: GET and referer security considerations"
Next in thread: David W. Morris: "Re: GET and referer security considerations"
Reply: David W. Morris: "Re: GET and referer security considerations"