-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
Platform: All, OS: All
hudson's "Build now" link kicks off a build via HTTP GET. The hudson war should not honor GET for that
action; it should require a POST.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html says:
'In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have
the significance of taking an action other than retrieval. These methods ought to be considered "safe".'
This causes problems for well-designed browsers, caches, proxies, and web accelerators which rightly
assume they may GET links without causing side-effects.
This issue got all kinds of attention back in 2005 when Google released Google Web Accelerator and it
started GETting all kinds of links. While developers of poorly-designed web sites got pissed off, GWA
was really right, and in the long run we all want this feature because it facilitates scripting and
automating the web.
The fix could be a simple as transforming the existing HTML href into a javascript: url that performs an
xhr POST. For people automating using wget, their scripts would need modification to POST to rather
than GET the data. Any paramerized build data should go, not in the URL, but into the body of the
POST as URL-encoded form data. Both xhr and wget make this very easy.