GET makes it possible to delete from a browser address bar,
which you can not do with DELETE :)
As for POST vs. GET - don't let REST purists hear you. :)
Actually, isn't there a DELETE HTTP method that REST purists
would say should be used in case of doc deletion?
Sounds like web designer's fault. No permission check and no
confirmation for deletion?
Never, never delete with a GET. The Ultraseek spider deleted 20K
docments on an intranet once because they gave it admin perms and
it followed the delete this page link on every page.
The spider was given an admin login so it could access all
content. Reasonable decision if the pages had been designed well.
Even with a confirmation, never delete with a GET. Use POST.
If the spider ever discovers the URL that the confirmation
uses, it will still delete the content.
Luckily,
On Wed, Jun 18, 2008 at 1:55 PM, JLIST [EMAIL PROTECTED] wrote:
Sounds like web designer's fault. No permission check and no
confirmation for deletion?
Nope ... application designer's fault for misusing the web. Allowing
deletes on a GET violates HTTP/1.1 requirements (not just RESTful
ones)
The implementation may provide a form where user can
type in a doc id to delete or a lucene query
if it is a POST so be it.
But let us have the functionality
--Noble
On Thu, Jun 19, 2008 at 2:40 AM, Craig McClanahan [EMAIL PROTECTED] wrote:
On Wed, Jun 18, 2008 at 1:55 PM, JLIST [EMAIL