https://issues.apache.org/bugzilla/show_bug.cgi?id=50231
--- Comment #2 from Ramon <ra...@echophase.com> 2010-11-08 06:40:02 EST --- I'm not sure what you're suggesting Rainer? My issue relates to the tomcat manager HTML page specifically. In my opinion the right thing to do is to use POST. I do not see the need for complex logic just so that we can still use GET. To my mind, the use of GET in this context is just plain wrong to begin with, see http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1.1. Regarding tooling, I'm not suggesting a change to the tooling interface. If it currently supports GET, it should probably continue to do so for backwards compatibility. It should also support POST as the "proper" way of doing things. I think all HTTP clients support POST easily - wget, curl, lwp - what are you using? Another problem that could arise from these side-effecting GET requests is CSRF - not sure how that could be dealt with while preserving tool compatibility. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
