Why is this bad? for example if you have an Image you want to both DELETE and GET, and have cache control, once it's cached, the DELETE will return the bytes of the image without going to the server...
I'm not sure if you're trolling or not, so I'll assume naiveté and give you a thoughtful answer: Because the resource you tried to delete will not be deleted. To add insult to injury, from a UI perspective, it will still behave like it has been. This wrecks any ajax applications that cache GET requests.
Furthermore, it's in direct violation of the HTTP spec:
> If the request passes through a cache and the Request-URI identifies one or more currently cached entities, those entries SHOULD be treated as stale. Responses to this method are not cacheable.
3. SHOULD This word, or the adjective "RECOMMENDED", mean that there
may exist valid reasons in particular circumstances to ignore a
particular item, but the full implications must be understood and
carefully weighed before choosing a different course.
Because the problem goes beyond failing to invalidate the existing cache for the resource (which is a SHOULD), Chrome does not even make the request, which most definitely isn't acceptable under any circumstance, even after careful considerations. The spec even emphatically says that responses to a DELETE are not cacheable, how could you use an existing cached response as valid for a DELETE if you are not allowed to cache a delete in the first place?
I believe the spec is saying that if you are a proxy, and you have a cached value for X, then you see a delete for X, you are allowed to immediately expire your entry for X. In other words, the proxy is permitted to assume that a delete request is so likely to result in a change on that resource that it may simply assume the cache is bad. It isn't required to, though.
It does not mean that if you receive a DELETE request you can just substitute the value of what is a completely different request (the GET request). I believe eloisius is not correct about the spec banning this behavior with that line. It's "banned" because it's just broken, nonsensical. It's not the same request in the first place, any more than you can just substitute POST results for GET.
Yes, but mailing a bicycle to a random US address as a response to the DELETE request is also not explicitly forbidden in the spec. This doesn't mean that the spec provides for commercial suicide through bicycle mail.
But returning already cached GET response to DELETE request is not.
Yes, you're right.. the spec doesn't mention what should happen when the developer does something completely irrational, like returning a cached GET response to a DELETE request.
I commented on my own post to explain why I think it's bad, sorry for not reading it aloud to myself, I can understand why you read it not the way I had it in my head :)
Should read my post as:
"Are you asking why this is bad? it is bad because..." and provided an example...
P.S. I like the Insult to injury quote, it's exactly how I felt when trying to debug it, took me an hour to figure that out...
I wonder why three people answered your question, not understanding that you
- submitted the link in the first place
- tried to provide an explanation why this is a bad idea (i.e. wrong)
and telling you that this behavior is, in fact, not according to the specs.
Communication failure? Maybe it would help to clarify your statement a bit?
Edit: Reading a third and forth time I'm becoming less certain that _I_ got your point and the others didn't (note to self: That shouldn't be the default assumption). Did you really ask why that is bad?
Edit 2: Looking at your username and the issue comments I kind of assume that you are the commenter over at code.google.com, calling this 'severe'. So I'm back to my original assumption that you know perfectly fine why this is bad.
The question "Why is this bad?" can be interpreted two ways: both as "Can someone please tell me why this is bad?" and "Why is this bad, you might be wondering? Let me tell you..." Ambiguities like this are sometimes amusing, such as when a reply saying "Love it!" can be read as both "[I] love it!" and the imperative command "[You must] love it!"
I think the point was being made on "why this is bad" and not that a question was being asked. ( almost definitely the severe comment in the group was made by the same person - http://digg.com/eranation)
Yep, bad choice of English from my end, not my native language I wish I could "edit" that and change the wording, but you got that right the first and 3rd time (Edit 2 is correct) :)
Section "9.1.2 Idempotent Methods". "However, it is possible that a sequence of several requests is non- idempotent, even if all of the methods executed in that sequence are idempotent."
As well section "9.7 DELETE". The last sentence: Responses to this method are not cacheable.
The same in human language: there is no guarantee that you are deleting the same object because its ID matches. E.g. MD5 collisions are rare but they sometimes happen.
Sorry, I was commenting on my own post and wanted to provide an example for "why this is bad" and not ask "why is this bad" apparently, HN also teaches me English (not my native language)
So to clarify, the problem is that browser serves the cached copy of the response from the GET request to the user, meaning that the user will not see the possibly different response returned by the server for the DELETE request correct? I feel like I'm missing something here.
Just to be clear (because I feel like I'm missing something here as well): the problem is if you allow a GET to be cached and then the client makes a DELETE request on that cached resource, Chrome applies the DELETE to the cached version and doesn't propagate the request to the server??
