Lists Home |
Date Index |
John Cowan wrote:
> I don't believe there's any problem with using POST for idempotent
> queries, only in using GET for non-idempotent ones.
Well in general, it disables caching, even when caching makes sense. It
makes firewalling harder because the security admin has less information
about what is being done. A reasonable policy for a machine that is only
supposed to serve information might be to allow GETs but restrict POSTs.
> ... As for success
> and failure, that's a matter of level. When my application returns
> a "search failed" message to the client, the HTTP code is 200.
SOAP is not an application. Actually, it seems like the most recent SOAP
spec does as I prefer and does map SOAP errors to HTTP errors. So that
complaint is no longer accurate.