undefined | Better HN

0 pointsrosser15y ago0 comments

GET must never have side effects. POST, PUT, DELETE always have side effects.

Pedantry: because they're supposed to be idempotent, POST, PUT, and DELETE should only have side-effects the first time they're issued against a given resource.

Also, RFC 2616 uses "SHOULD NOT", as opposed to "MUST NOT" to describe the behavior of the "safe methods". To wit, "in particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval."

0 comments

3 comments · 2 top-level

cperciva15y ago· 1 in thread

POST is not idempotent. POST is explicitly what you should use for non-idempotent operations.

This is why your web browser issues "need to resend a form" warnings when you return to earlier pages.

rosserOP15y ago

Oops. Looks like, when I double-checked the RFC, my brain stuck POST in there. That'll show me for trying to be pedantic in the middle of doing thirteen other things.

Thanks for the correction.

tmhedberg15y ago

POST is not defined to be idempotent, although you're correct about PUT and DELETE.

j / k navigate · click thread line to collapse