
Re: [ProgSoc] REST vs. HTTP in the real world



Nicholas FitzRoy-Dale wrote:
> John Elliot wrote:
>> If anyone would like to defend PUT and DELETE I would like to hear
>> their case. What value do PUT and DELETE provide, and why should I
>> accept them as useful or necessary?
> 
> Wasn't PUT supposedly to be the complement of GET? I.e. you GET a bit of
> structured data (JSON or whatever) and then make changes to it and PUT
> the same data back. This is very neat if you're one of those "Web file
> system" types but even makes sense in a more limited domain (e.g. the
> policy editor for the bug tracker I'm writing runs in the browser,
> requests policies from the server in JSON format and then posts back the
> same data (modulo any policy changes the administrator just made)). It
> seems like a good use for PUT, but I didn't actually choose PUT because
> I haven't been bothered to find out how well it's supported.

In the browser you're forced to use XMLHttpRequest, but this does have the
nice benefit of making CSRF (which is Web 2.0's XSS [1]) much harder.

> The alternative (POST) isn't supposed to be symmetrical and is basically
> about submitting form data (only).
> 
> PUT seems pretty simple, so I don't really see how it can be
> standardised wrongly. But I have been very wrong in the past about Web
> standards, so I'm not going to pretend I know much about it.
> 
> I don't really understand DELETE because the obvious argument in its
> favour implies a corresponding CREATE to me. Perhaps there is one.

POST is for creating a new resource - the response you get to it tells you
where it's now stored, or what the error is. Something else to note about
PUT is it can eliminate the lost-update problem. First you GET the resource,
take note of its ETag, then PUT your new content with an If-Match header
containing that ETag. If they don't match, because someone else has altered
the resource, you'll get an error back from the server instead of
overwriting that update. [2]

James Andrewartha

[0] http://www.xml.com/pub/a/2004/12/01/restful-web.html
[1] http://ianloic.com/insecurity_is_ruby_on_rails_best_practice
[2] http://bitworking.org/news/125/REST-and-WS
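
The GET / conditional PUT sequence described in the message above, as an added example that is not part of the original post. It models the server side in memory rather than over a socket; the Store class, the /policy path, the JSON bodies and the SHA-256-based ETag scheme are all constructed for illustration.

```python
import hashlib

class Store:
    """Constructed in-memory resource store standing in for an HTTP server."""
    def __init__(self):
        self.resources = {}

    @staticmethod
    def etag(body: bytes) -> str:
        # Strong validator derived from the representation bytes (assumption:
        # any scheme works as long as it changes whenever the content changes).
        return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

    def get(self, path):
        body = self.resources.get(path)
        if body is None:
            return 404, {}, b""
        return 200, {"ETag": self.etag(body)}, body

    def put(self, path, body, headers):
        current = self.resources.get(path)
        if_match = headers.get("If-Match")
        if if_match is not None:
            if current is None:
                return 412, {}      # nothing exists to match, even for "*"
            # Naive comma split; enough for the quoted tags produced above.
            wanted = [t.strip() for t in if_match.split(",")]
            if "*" not in wanted and self.etag(current) not in wanted:
                return 412, {}      # Precondition Failed: resource changed
        self.resources[path] = body
        return (204 if current is not None else 201), {"ETag": self.etag(body)}

def lost_update_demo():
    """Two editors read the same policy, then both try to write it back."""
    s = Store()
    s.put("/policy", b'{"max_attempts": 5}', {})
    _, h_a, _ = s.get("/policy")    # editor A reads
    _, h_b, _ = s.get("/policy")    # editor B reads the same version
    first, _ = s.put("/policy", b'{"max_attempts": 3}', {"If-Match": h_a["ETag"]})
    # B's ETag is now stale, so the write is refused instead of clobbering A's.
    second, _ = s.put("/policy", b'{"max_attempts": 9}', {"If-Match": h_b["ETag"]})
    # Without If-Match nothing is checked and the overwrite goes through.
    unconditional, _ = s.put("/policy", b'{"max_attempts": 9}', {})
    return first, second, unconditional, s.get("/policy")[2]

if __name__ == "__main__":
    print(lost_update_demo())
```

The protection only holds for clients that send If-Match; the last PUT in the demo shows an unconditional write still replacing the resource.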
