Closed nikolaydimitrov closed 9 years ago
According to the RFC, GET method is declared as safe. This means that GET method SHOULD NOT have the significance of taking an action other than retrieval. So, publishing by GET method isn't a good idea.
What are the cases for publishing by GET?
Semantically you are right but actually GET is no safer than a POST. The only reason to do this is to avoid the proxying of AJAX requests and have more responsive interface.
And in the end, this is an option that would be disabled by default and you can turn it on if you want to.
If the reason is only not to proxy AJAX requests, then it will be better to allow Cross-Domain AJAX requests by enabling Cross-Origin Resource Sharing (CORS) for that location in nginx. It's more natural way to implement this.
I think we'll stick to this solution for now as long as IE 7,8 and 9 still exist out there, it's just simpler and it works.
Yeah, IE is an issue ) However, IE8 and IE9 partially supports CORS with some limitations http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx
In some cases it might be needed that publishing could be done only with a GET request and adding a GET handler for publishing would be useful. It takes the whole query string as data parameter (instead of request body in case of POST).
Please let us know if you also think this would be a useful feature.
Regards, Nikolay