Joe Gregorio wrote:
Thank you. Now that I understand the point you are trying to make I agree that using POST for this is inappropriate.
Actually, just a minor correction on your nomenclature, the term you should use is 'safe', not 'idempotent', when describing the effect:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1
I understand the distinction very well. I wanted to use GET and was told that the method wasn't safe because it gives up too much information about the client. I say idempotent is important because you will get the same response no matter what, and no signal that any request was accepted or processed.
You will note that it is still possible, if PaceSericeError is adopted today, that mischief will still be possible
since I can still get *your* server to be pinged as having
an invalid feed by *me* tweaking my X-Atom-Error header
and then intentionally invalidating my own feed.
I don't follow your logic. I would just ignore hits from referrers I don't care about.
What can we do?
The only solution that I can see right now that avoids all
of these problems is that the ERROR method be used
and that it only be used on the URI of the feed itself. I.e. if you get any of the error conditions in the Pace
then the client sends the ERROR method back to the URI from which is retrieved the Atom feed.
Also, the utility of sending a request to the resource that's known to be busted could be nil.
Robert Sayre
