[tahoe-lafs-trac-stream] [tahoe-lafs] #1485: web-API: POSTs and GETs should be to distinct URLs

[tahoe-lafs]

#1485: web-API: POSTs and GETs should be to distinct URLs
-------------------------------+---------------------------
 Reporter:  davidsarah         |          Owner:
     Type:  defect             |         Status:  new
 Priority:  major              |      Milestone:  undecided
Component:  code-frontend-web  |        Version:  1.8.2
 Keywords:  newurls http       |  Launchpad Bug:
-------------------------------+---------------------------
 When a web browser displays a page that is the result of an HTTP POST
 request, the URL that it displays in the address bar is the target of the
 POST, without any query parameters.

 If the user cuts-and-pastes or otherwise transfers that URL as a string,
 then the recipient will probably try to do a GET request on it. If it is
 also valid for GET requests but fetches something different from the
 result of the POST, then the user's expectations (based on a perfectly
 reasonable intuitive understanding of the REST architecture) may be
 violated.

 The Tahoe-LAFS web-API does define POST and GET requests that are valid
 for the same URL (for example, the POST done by the 'Check' form on an
 Info page is sent to the same URL as a GET request for the file contents).
 To avoid the above problem, we should start using a different URL for POST
 requests, which returns an error for GETs. Note that this can be done
 without breaking compatibility, since we don't actually have to stop
 accepting POSTs at the old URLs (it's sufficient that they aren't used by
 the WUI, so that users will never try to transfer them as strings).

-- 
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1485>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage