Unsafe GET becoming more popular?

Unsafe GET becoming more popular?

by noah_mendelsohn

For several years, the canonical example of applications causing unsafe
GETs were emails with confirmation links, as in an email that says "click
here to confirm your magazine subscription."  Although this is clearly a
violation [1] of Web architecture and in particular the HTTP specification
[2], one could argue that in practice damage was limited by the fact that
offending links occurred in emails, that most of those emails would be
unlikely to be managed by the sorts of tools that would aggressively
prefetch the links (though some email readers do this when preparing to go
into "travel mode"), I think.

Anyway, it seems the trouble is getting worse.  I just noticed the Twit
[3] from JetBlue.  It says:

        "Wisdom of crowds time
        What's your favorite JetBlue
        snack http://tr.im/jbsnacks:
        Blue Chips (1) or Munchies
        Mix (2) ? http://tinyurl.com/d4gjww"

It's not 100% clear that votes are being tallied based on the link you
click, but it seems implicit in the "wisdom of crowds" leadin.  I suppose
that if the Google crawler finds this particular Twit, it will cast one
vote for each snack, and move on.

Noah

[1] http://www.w3.org/2001/tag/doc/whenToUseGet.html#safe
[2] http://www.ietf.org/rfc/rfc2616.txt
[3] http://twitter.com/JetBlue/statuses/2178983316

--------------------------------------
Noah Mendelsohn
IBM Corporation
One Rogers Street
Cambridge, MA 02142
1-617-693-4036
--------------------------------------






Re: Unsafe GET becoming more popular?

by Dan Connolly

On Mon, 2009-06-15 at 13:02 -0400, noah_mendelsohn@... wrote:

> [...] I just noticed the Twit
> [3] from JetBlue.  It says:
>
>         "Wisdom of crowds time
>         What's your favorite JetBlue
>         snack http://tr.im/jbsnacks:
>         Blue Chips (1) or Munchies
>         Mix (2) ? http://tinyurl.com/d4gjww"
>
> It's not 100% clear that votes are being tallied based on the link you
> click, but it seems implicit in the "wisdom of crowds" leadin.

No, votes are cast in twitter replies. This case seems fine, to me.

>   I suppose
> that if the Google crawler finds this particular Twit, it will cast one
> vote for each snack, and move on.
>
> Noah
>
> [1] http://www.w3.org/2001/tag/doc/whenToUseGet.html#safe
> [2] http://www.ietf.org/rfc/rfc2616.txt
> [3] http://twitter.com/JetBlue/statuses/2178983316

--
Dan Connolly, W3C http://www.w3.org/People/Connolly/
gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E



Re: Unsafe GET becoming more popular?

by mnot

My impression was that it was getting better; after the experiences of  
the Google prefetcher thingy, and some evangelisation, the majority of  
the "unsubscribe me" links in e-mails I get lead to a page with a  
form, not an unsafe GET.

YMMV, of course.


On 16/06/2009, at 3:06 AM, Dan Connolly wrote:

> On Mon, 2009-06-15 at 13:02 -0400, noah_mendelsohn@... wrote:
>> [...] I just noticed the Twit
>> [3] from JetBlue.  It says:
>>
>>        "Wisdom of crowds time
>>        What's your favorite JetBlue
>>        snack http://tr.im/jbsnacks:
>>        Blue Chips (1) or Munchies
>>        Mix (2) ? http://tinyurl.com/d4gjww"
>>
>> It's not 100% clear that votes are being tallied based on the link  
>> you
>> click, but it seems implicit in the "wisdom of crowds" leadin.
>
> No, votes are cast in twitter replies. This case seems fine, to me.
>
>>  I suppose
>> that if the Google crawler finds this particular Twit, it will cast  
>> one
>> vote for each snack, and move on.
>>
>> Noah
>>
>> [1] http://www.w3.org/2001/tag/doc/whenToUseGet.html#safe
>> [2] http://www.ietf.org/rfc/rfc2616.txt
>> [3] http://twitter.com/JetBlue/statuses/2178983316
>
> --
> Dan Connolly, W3C http://www.w3.org/People/Connolly/
> gpg D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
>
>


--
Mark Nottingham     http://www.mnot.net/
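
The pattern mentioned in the last message (an e-mail link that leads to a page with a form rather than acting on GET), sketched as an added example that is not part of the original thread. The `/unsubscribe` path, the token and the in-memory store are constructed for illustration.

```python
import html
import io
from urllib.parse import parse_qs

# Constructed sample state: token from the e-mail link -> still subscribed?
SUBSCRIBED = {"tok-123": True}

FORM = ('<form method="post" action="/unsubscribe">'
        '<input type="hidden" name="token" value="{t}">'
        '<button>Unsubscribe</button></form>')

def app(environ, start_response):
    """WSGI app: GET only renders a form; the state change happens on POST."""
    method = environ["REQUEST_METHOD"]
    if environ.get("PATH_INFO") != "/unsubscribe":
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    if method in ("GET", "HEAD"):
        # Safe methods: a crawler or prefetcher following the link changes nothing.
        token = parse_qs(environ.get("QUERY_STRING", "")).get("token", [""])[0]
        start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
        return [FORM.format(t=html.escape(token, quote=True)).encode()]
    if method == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        token = form.get("token", [""])[0]
        if token not in SUBSCRIBED:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"unknown token"]
        SUBSCRIBED[token] = False  # the only place state is modified
        start_response("303 See Other", [("Location", "/unsubscribed")])
        return [b""]
    start_response("405 Method Not Allowed", [("Allow", "GET, HEAD, POST")])
    return [b""]

def request(method, query="", body=b""):
    """Drive the app in-process (no network); returns (status, body)."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/unsubscribe",
               "QUERY_STRING": query, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    out = b"".join(app(environ, lambda s, h: seen.update(status=s)))
    return seen["status"], out

if __name__ == "__main__":
    print(request("GET", "token=tok-123")[0], SUBSCRIBED)         # automated fetch
    print(request("POST", body=b"token=tok-123")[0], SUBSCRIBED)  # user submits form
```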