Idempotency: It's not just for APIs (or, the web is an API)

Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others.

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.

Source: HTTP/1.1: Method Definitions

So, like... uh... Did Google build their accelerator that way just to provide a dramatic example of why explanations of REST focus repeatedly (to the annoyance of some) on the fact that the HTTP GET method is specified as and should be implemented as idempotent?

Seriously. Did they? Well, at any rate, I guess they didn't read this PDF:

But, eh, I hadn't read that PDF until a few minutes ago anyway. Though, it is kind of funny that I found it as the first hit on Google for the terms "rest get idempotent prefetch problem". (Which, snarkily, is really the only reason I mention it.)

Yes, one could argue that only "badly designed" web applications that don't follow the rules of GET and POST will be affected, but I'm not sure this is an argument that Google (or anyone else who actually builds or uses web apps in the wild) would care to make in this situation.
Source: O'Reilly Radar: Google Web Accelerator considered overzealous

Er, oh yeah... I guess I can't be too smug about GET and idempotency, now that I look at a few of the web apps with which I've been involved. Yeah, that smarts.

Although, I do have to say that most of the nonidempotent-(read: broken)-GET-driven things I've put together tend to be behind href="javascript: do_foo()" function call links which, while hated by some, would have protected you from this--at least until Google's prefetch learned JavaScript.

Bah, I say. Maybe it's time to start actually, really paying attention to this?

shortname=idempotency

Archived Comments

  • "So, like... uh... Did Google build their accelerator that way just to provide a dramatic example of why explanations of REST focus repeatedly (to the annoyance of some) on the fact that the HTTP GET method is specified as and should be implemented as idempotent?" I reckon they might have done just that: http://www.dehora.net/journal/2005/05/only_the_paranoid_survive.html
  • The problem with "javascript:do_foo()" is that it'll break for people who have no Javascript – obviously. [It's not at all hard to have our cake and eat it](http://plasmasturm.org/log/292/), though.
What's old (scraping) is new again (microformats)  Previous The right place for data in your feed Next