Hacker News new | ask | show | jobs
by afraca 2411 days ago
My initial response to your comment was "but then the page requires JS", which of course is not true, since a simple inline form could POST and then a redirect could get you back.

I'm no webdev, I think JS has been hyped so much around me I forgot plain html can actually do things...
2 comments
michaelmior 2411 days ago
Unfortunately Volatile doesn't seem to support redirects.
link
iCarrot 2411 days ago
The correct response is "but then I need a webpage/separate tool".

When all API are GETs, the browser, which is likely to be open when you read this, is all you need.

link
theon144 2411 days ago
Contrary to popular belief, the browser can perform POSTs as well as GETs.

An inline form on the webpage that POSTs the result is not a "webpage/separate tool". Option 2 would be to use the browser's dev console.

link
iCarrot 2411 days ago
You need a webpage to have an inline form, which you need to create somehow. Compare that to just opening a new tab and type in an URL.

The dev console is a separate tool. And I'm still sure it is much quicker and easier to open a new tab and type in an URL, than to do a POST with dev console.

link
phoe-krk 2411 days ago
> When all API are GETs, the browser, which is likely to be open when you read this, is all you need.

And your service is also incorrect due to the issues with side-effects mentioned elsewhere in the thread.

link
iCarrot 2411 days ago
It depends on how you interpret correctness. RFC 2616 9.1.1 also used "SHOULD NOT" and not "MUST NOT", indicating that there are valid use cases. The issue is about whether your users are aware of (and are responsible for) the side-effect or not. In this case they are.
link
oefrha 2411 days ago
Except when GET has side effects, one can embed the URL in an img tag and visitors would be triggering that side effect unknowingly. One can do this on most public forums. So no, users may not be aware.
link
iCarrot 2411 days ago
What you just described is actually a web beacon [1], in which case the one that embed the URL is the user (and not the one who load the <img>). Web beacon can be used to implement useful thing like visitor counter service [2].

[1]: https://en.wikipedia.org/wiki/Web_beacon

[2]: https://www.hitwebcounter.com/

link
oefrha 2411 days ago
It's also "useful" for cross-site request forgery.
link