Ruby on Rails | Screencasts | Download | Documentation | Weblog | Community | Source

Ticket #4825 (closed defect: duplicate)

Opened 2 years ago

Last modified 2 years ago

[PATCH] HTTP methods "GET"/"POST" should be uppercase

Reported by: anonymous Assigned to: sam@conio.net
Priority: normal Milestone: 1.2
Component: Prototype Version: 1.1.1
Severity: normal Keywords:
Cc: mislav

Description

See http://annevankesteren.nl/2006/04/http-method

I won't touch severity e.a. but I believe strongly that if we want to have any hope of allowing browsers to fix themselves without breaking the world, we need to stop the spread of the wrong form as soon as possible.

Attachments

ie-5.5-get-post.patch.txt (1.7 kB) - added by nicrizzo@gmail.com on 05/08/06 19:05:08.

Change History

04/20/06 23:36:33 changed by anonymous

  • summary changed from HTTP methods "GET"/"OPEN" should be uppercase to HTTP methods "GET"/"POST" should be uppercase.

04/21/06 00:19:07 changed by madrobby

  • owner changed from thomas@fesch.at to sam@conio.net.

05/08/06 19:05:08 changed by nicrizzo@gmail.com

  • attachment ie-5.5-get-post.patch.txt added.

05/08/06 19:35:15 changed by nicrizzo@gmail.com

  • status changed from new to closed.
  • resolution set to fixed.
  • summary changed from HTTP methods "GET"/"POST" should be uppercase to [PATCH] HTTP methods "GET"/"POST" should be uppercase.

Weblogic and Tomcat accept "POST" and "GET", in upper case; I guess new browsers convert them, but ie 5.5 don't.

05/08/06 19:53:37 changed by anonymous

  • status changed from closed to reopened.
  • resolution deleted.

05/08/06 20:09:11 changed by bitsweat

  • version set to 1.1.1.
  • milestone set to 1.1.

05/20/06 08:11:23 changed by anonymous

  • status changed from reopened to closed.
  • resolution set to fixed.

05/20/06 11:37:28 changed by Martin Bialasinski

  • status changed from closed to reopened.
  • resolution deleted.

No closing without explanation.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1 specifies the request method has to be uppercase.

05/20/06 13:23:23 changed by james@imajes.info

Martin -

the spec does not say it has to be uppercase: it says that the method is case sensitive and that the authors have chosen to uppercase the standard verbs.

this means that post != POST != PoST

but it also means that you should be able to handle POST and post seperately, and that a server may well indeed intend to. A good example of this is a secured / hardened hacked server, which has POST for untrusted input, and post for trusted input, or a server that uses POST for form submission but post for API requests.

This is an unusual use, and granted misguided - the potential for confusion is high - and so I do support the use of only uppercase verbs where the verb is predefined (such as GET,POST,PUT,etc)

a recurrent problem is that because authors are getting this confused, and there is case sensitivity (often a bad idea) browser and server authors have tended to ignore and interpret the action themselves - some browsers convert to uppercase, some servers match insensitively. Therefore the patch attached seems bogus - it doesn't understand that POST != post - but so many authors get this wrong too, that fixing it properly is also not possible.

I vote to just make the following patch to change the method -

9 - method: 'post', 10 + method: 'POST',

and forget about making the comparisons case sensitive - it makes assumptions that we should not be making.

05/22/06 10:26:42 changed by nicrizzo@gmail.com

And 'GET'? Authors will always write 'POST' and 'GET' in their code and

18 - if (this.options.method == 'get' && parameters.length > 0) 19 + if (this.options.method == 'GET' && parameters.length > 0)

33 - this.transport.send(this.options.method == 'post' ? body : null); 33 + this.transport.send(this.options.method == 'POST' ? body : null);

42 - if (this.options.method == 'post') { 43 + if (this.options.method == 'POST') {

without back compatibility with older versions of Prototype, is it correct? Sorry for my (bad) English!

Nicola

06/05/06 00:29:35 changed by ryandesign

Related to #4656.

10/09/06 09:53:50 changed by mislav

  • cc set to mislav.

This ticket is now superseded by #6366.

10/09/06 20:34:04 changed by mislav

  • status changed from reopened to closed.
  • resolution set to duplicate.

Closing this in favor of big patch in #6366

In it, HTTP method case is handled (internally) in lowercase, and is uppercased prior to opening a connection. User can specify it in uppercase also; doesn't change things.