On Wed, Jun 18, 2008 at 1:55 PM, JLIST wrote:
> Sounds like web designer's fault. No permission check and no
> confirmation for deletion?
Nope ... application designer's fault for misusing the web. Allowing
deletes on a GET violates HTTP/1.1 requirements (not just RESTful
ones) that GET requests not have side effects, so an app that works
that way is going to mess up when HTTP caching is in use ... as lots
of people found to their chagrin when they installed Google Desktop's
caching capabilities, and the cache played by the standard HTTP rules
(GETs are supposed to be idempotent, having no side effects, so it's
just fine to issue the same GET as many times as desired).

If you want an easy way to do deletes from a browser, just set up a
little form that does a POST and includes the id of the document you
want to delete. Then you're playing by the rules, and won't make a
fool of yourself when crawlers or caches interact with your

Craig McClanahan
Never, never delete with a GET. The Ultraseek spider deleted 20K
documents on an intranet once because they gave it admin perms and
it followed the "delete this page" link on every page.
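
The pattern recommended in this thread, as an added example that is not part of the original posts: an in-process WSGI app where deletion is only reachable by POST from a small form, so a client that issues only GETs changes nothing. The /delete route, the helper names and the sample documents are assumptions made for illustration; authentication and CSRF protection are omitted.

```python
# Added example (not from the thread): destructive actions only on POST.
import io
from html import escape
from urllib.parse import parse_qs

def make_app(docs):
    """Return a WSGI app over `docs` (dict id -> text). /delete is a hypothetical route."""
    def app(environ, start_response):
        method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
        if path == "/delete":
            if method != "POST":
                # GET/HEAD must stay free of side effects: refuse, never delete.
                start_response("405 Method Not Allowed", [("Allow", "POST")])
                return [b"use POST\n"]
            size = int(environ.get("CONTENT_LENGTH") or 0)
            form = parse_qs(environ["wsgi.input"].read(size).decode())
            doc_id = form.get("id", [""])[0]
            if docs.pop(doc_id, None) is None:
                start_response("404 Not Found", [])
                return [b"no such document\n"]
            start_response("303 See Other", [("Location", "/")])
            return [b""]
        if path == "/" and method == "GET":
            # Listing page: each document gets a small POST form, not a delete link.
            forms = "".join(
                '<form method="post" action="/delete">'
                f'<input type="hidden" name="id" value="{escape(i)}">'
                f'<button>delete {escape(i)}</button></form>' for i in docs)
            start_response("200 OK", [("Content-Type", "text/html")])
            return [forms.encode()]
        start_response("404 Not Found", [])
        return [b""]
    return app

def request(app, method, url, body=b""):
    """Call the WSGI app in-process (no network) and return the status line."""
    path, _, query = url.partition("?")
    seen = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path, "QUERY_STRING": query,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    b"".join(app(environ, lambda status, headers: seen.update(status=status)))
    return seen["status"]

def crawl(app, urls):
    """Stand-in for a spider or prefetching cache: it only ever issues GETs."""
    return [request(app, "GET", u) for u in urls]
```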

Discussion Overview
group solr-user @
posted Jun 18, '08 at 8:14a
active Jun 19, '08 at 3:54a


