Re: LYNX-DEV unofficial v2.6 src module replacements

[Klaus Weide]

On Fri, 18 Oct 1996, Hiram Lester, Jr. wrote:

> On Fri, 18 Oct 1996, Foteos Macrides wrote:
> [...]
> 
> >     Bela's patch is misguided, IMHO, as was the earlier request to
> > stop requiring a lynx.cfg.  I'm taking a vacation from debating such
> > things, but I wouldn't do that. 
> 
> I think it might be a good idea, but there are some issues to be resolved
> about POST content and such which require re-working of other parts of the
> code...  I'll consider this development until that time.
> 
> > I'm surprised that Klaus hasn't
> > discussed the complex considerations and safety issues associated with
> > FORM resubmissions, since he must have been reading the discussions
> > about it in the HTTP-WG list.  The History List is set up to permit
> > taking all the relevant considerations into account (and doesn't, as
> > yet).  I think people should be trained to use that, as explained in
> > the much expended help on the History List.
> 
> He probably will now. :)

Somebody called? :-)

Well, as he said:  Don't mess with POST (unles you know what you are
doing :-) ).  The folks on HTTP-WG take that kind of thing *very* 
seriously, and they and their big brother will come over here and^H^H^H^H^H^H^H

More seriously, POST can be used (and is being used) for others things
than search term submission.  Those thing can include submitting data
where a mistake can have serious consequences (of legal or financial
nature) - at least that's in the design.  While Lynx doesn't always
deal adequately with these concerns yet - one reason being that the 
protocol doesn't make it sufficiently clear what *should* be done IMHO -
it's no good adding to the confusion.  (Bela's patch wouldn't lead
to inadvertant submission of a POST request.  But it could lead to
issuing a GET request for a URL that's meant for a POST.  That could
confuse a user - who might have thought that that link would take him/her
back to where he/she came from.  It could also confuse a server - which
might see something totally unexpected in the middle of some transaction.
Best to be avoided.  A user could still do the equivalent from the 'g'oto
line, but then it wouldn't be Lynx who had mislead the user.)

So I think Bela shouldn't have dismissed Fote's concerns in such a 
cavalier way.  Especially since it seems straigtforward to avoid all
this, by testing for a post_data element in the relevant structures
and *only* make the links "live" if post_data is absent (i.e. ==NULL).

(As for reading the HTTP-WG list, I am not following that consistently
especially since the discussions about "Idempotent" and "Safe-Redo"
became more and more confusing...  but hey, if some of you are wondering
how Fote is spending his vacation, find some archive and read how he
fights it out with the big guys :-)...)

  Klaus


;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;