https://bugzilla.wikimedia.org/show_bug.cgi?id=44602
Matthew Flaschen <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #7 from Matthew Flaschen <[email protected]> --- (In reply to Jesús Martínez Novo (Ciencia Al Poder) from comment #1) > Also, the plugin is bad designed, since it should send HEAD requests, not > GET ones. HEAD requests shouldn't trigger rollback (and if they do, that's a > bug). Actually, it's MediaWiki with the issue. As reported, GET and HEAD requests should never change state. Per http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1 : "In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe"." I don't know whether we want to fix this for existing features (however, it *can* be done in such a way as users with JS see exactly the same user experience and it still works with no-JS, albeit with an extra step). However, no new GET or HEAD methods that take actions should be introduced. Recently developed features, such as Thanks, show how to follow this guideline in practice (uses AJAX with the API requiring POST and a token, with a no-JS fallback that has a nice interface and uses POST, i.e. https://en.wikipedia.org/wiki/Special:Thanks/123) -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
