
11. Security Considerations

11.2 Idempotent Methods

The writers of client software should be aware that the software represents the user in their interactions over the net, and should be careful to allow the user to be aware of any actions they may take which may have an unexpected significance to themselves or others.

In particular, the convention has been established that the GET and HEAD methods should never have the significance of taking an action. The link "click here to subscribe"--causing the reading of a special "magic" document--is open to abuse by others making a link "click here to see a pretty picture." These methods should be considered "safe" and should not have side effects. This allows the client software to represent other methods (such as POST, PUT and DELETE) in a special way, so that the user is aware of the fact that an action is being requested.
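One way a server can honor this convention, as an added example that is not part of the original specification text: GET and HEAD on a subscription resource only return a form, and the subscription itself happens solely under POST. The `/subscribe` path, the `app` and `call` functions, the `SUBSCRIBERS` set and the sample requests are constructed for illustration.

```python
import io
from urllib.parse import parse_qs

SUBSCRIBERS = set()            # in-memory stand-in for real storage (assumption)
SAFE_METHODS = ("GET", "HEAD")

FORM = (b'<form method="POST" action="/subscribe">'
        b'<input name="email"><input type="submit" value="Subscribe">'
        b'</form>')

def app(environ, start_response):
    """WSGI handler for a hypothetical /subscribe resource."""
    method = environ["REQUEST_METHOD"]
    if method in SAFE_METHODS:
        # Safe methods only describe the action. Following a link here,
        # whatever its anchor text claims, changes nothing on the server,
        # even if the URL carries an email in its query string.
        start_response("200 OK", [("Content-Type", "text/html"),
                                  ("Content-Length", str(len(FORM)))])
        return [] if method == "HEAD" else [FORM]
    if method == "POST":
        length = int(environ.get("CONTENT_LENGTH") or 0)
        body = environ["wsgi.input"].read(length).decode("ascii", "replace")
        email = parse_qs(body).get("email", [""])[0].strip()
        if not email:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"email required\n"]
        SUBSCRIBERS.add(email)  # the side effect lives only under POST
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"subscribed\n"]
    start_response("501 Not Implemented", [("Content-Type", "text/plain")])
    return [b"method not implemented\n"]

def call(method, body=b"", query=""):
    """Drive the app in-process with a constructed request."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/subscribe",
               "QUERY_STRING": query, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    chunks = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(chunks)
```

Because the action is reachable only through POST, client software can present it differently from an ordinary link, which is the distinction the paragraph above relies on.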


T. Berners-Lee, R. T. Fielding, H. Frystyk Nielsen - 12 MAR 95
