Elliotte Harold wrote:
James M Snell wrote:
Woo hoo! We just reinvented SoapAction! Life is good.
If I wasn't convinced this was a bad idea before, I am now. Didn't
SOAP already teach us what happens when you try to tunnel everything
through POST to get around firewalls?
Here's a thought: some organizations may have good security based
reasons for disallowing PUT or DELETE from some or all addresses. If
so, then they would want those features of APP to be blocked. We
should allow this.
In other words, the ability to selectively block PUT and/or DELETE
while still allowing POST and GET is a feature, not a bug. Servers
using this feature for no good reason should be reconfigured to allow
PUT and DELETE. However we shouldn't make everyone implement it if
they have good reasons not to.
This discussion is all centered around the assumption that there is a
significant user base which can't use PUT and DELETE. However, this is
apparently based on one discussion with Matt Mullenweg -- who himself is
just passing along information he's gotten from his users. So we're
talking about third or fourth hand information here, with no
quantification or details. How many servers are we talking about? How
much traffic? How many of the users are even likely to upgrade to use
the APP? What specific hosting providers impose these restrictions?
And why do are they doing so?
Without data, it seems to me that discussions are mostly speculation.
The details mentioned above are important in determining what kinds of
solutions are actually needed.
-John
