by BringTheTanks
4074 days ago
I know which phrase you're referring to, but if you read it in context, it's apparent this is an exception case, because the very same section talks about cacheable, stateless requests and responses. All of REST's constraints are about encouraging cacheability and "visibility" to intermediaries. Intermediaries should in most cases be able to see which resource is being requested/returned, read the method, read the content-type and other headers. All of this is not available during an HTTPS session. So "HTTP + a bit of HTTPS" is REST + a dose of realism. But "HTTPS-only" is something else entirely.

HTTPS = breaking caching.
User Authentication = returning different results for per-resource queries, which is RESTful.