HTTPLib and POST problem with '?'

[Jason Orendorff]

Alex Martelli wrote:
> Jason Orendorff wrote:
> >Alex Martelli wrote:
> >> >  h.putrequest("POST", "/cgi-bin/script.cgi?name=Paul")
> >>
> >> No; this violates the HTTP standards (the ? and after are
> >> only used for GET, to encode the FORM values; in POST, the
> >> form values are sent as the request's data instead of in
> >> the URL) [...]
> >
> > Is this true?  Admittedly I avoid using POST this way,
> > but is there really something in RFC 2616 that forbids it?
> > I wasn't able to find anything.
>
> If I recall correctly the last time this discussion came up, the relevant
> paragraph is in section 9.5, POST, of RFC 2616, and I quote:
> "The posted entity is subordinate to that URI in the same way that a file
> is subordinate to a directory containing it, a news article is
> subordinate to a newsgroup to which it is posted, or a record is
> subordinate to a database." where "that URI" is the request URI.
>
> In the CGI standard (sorry, no standard text at all, so summarizing from
> memory) there is no "subordinate" relationship between QUERY_STRING
> and the script's stdin; thus it doesn't meet the requirements of POST.

That depends on what the CGI program does with the data.  It may
store the posted data in a database specified by the query string,
in which case it completely fulfills the letter and spirit of the
standard.

And, not all HTTP-based server-side applications use CGI.  In fact,
whether they do or not is really none of the client's business.

> In the light of the meta-principle "be conservative in what you generate,
> and liberal in what you accept", I think a server should probably accept a
> (probably-incorrect) mix of both, and try to do something sensible; but a
> client (e.g., httplib) should never generate the mix.

Hmm.  Well, under the Principle of Least Surprise, a library should
not silently truncate data being sent to a server.  httplib behaves
correctly, as far as I can tell.

## Jason Orendorff    http://www.jorendorff.com/