There's been a lot of good discussion around Udell's End HTTP abuse article. We need to get this figured out because it's almost embarrassing to be an advocate of standard approaches to building web applications when something as fundamental as the correct use of HTTP GET is butchered so often. Unfortunately, misuse of HTTP GET is just the tip of the iceberg. There's a whole slew of HTTP abuse going on out there (often in the form of neglect) that can be laid at the footstep of two parties: frameworks and evangelists. The frameworks suck and the evangelists aren't trying hard enough (I consider myself in both camps, btw).
The small community that is coalescing around REST/HTTP should prioritize the following objectives above anything else at this point:
- Raise awareness of what HTTP is capable of.
- Fix the tools.
HTTP Kicks Ass
We need to raise awareness of what HTTP is really about. If you're reading and understanding this, then you've likely had the Ah-ha moment based on the realization that HTTP isn't just a beat up old protocol for transferring files from a web server to browsers (if you haven't, read this); but this understanding is not common. The large majority of smart technical people believe that HTTP is legacy technology: an old protocol, maybe a step above gopher, that has somehow hung around through the years. Something to be dealt with, not taken advantage of. We need to show how limiting this mind-set is.
Many of us were first introduced to the true capabilities of HTTP via the REST architectural style. If you were like me, Mark or Paul (or both at the same time) forcefully induced the REST epiphany on you against your will and then you went and re-read RFC 2616 while slapping yourself on the forehead repeatedly. The correlation between the architectural concepts described in Roy's thesis and the implementation semantics described in the RFC were clear as a bell. HTTP was no longer a simple mechanism for exposing a directory of files and executable processes to a browser, it was the essence of web architecture.
Here's the thing though: most people don't read RFCs! They hate RFCs. Reading RFCs ranks close to doing taxes for most people. The only thing worse than reading RFCs is reading PhD theses.
The evangelist needs to reach these people somehow and I really don't think it's going to be through describing the architectural concepts of REST so much as it will be through describing the here's-what-you-can-do-right-now-in-the-real-world benefits of HTTP. It's a fine line, I know, but I think it's important.
How do we give people the Ah-ha! without requiring that they read a thesis and an RFC?
A Three Legged Dog
I look at what Zeldman, Meyer, and others are accomplishing with the Designing with Web Standards movement and it seems a good model. They emphasis the correct use of standard CSS, (X)HTML, and DOM scripting (the three legged stool) to achieve enormous benefits over proprietary web design techniques. They have books and a cluster of weblogs that show designers how to reap the rewards of this system. It's been a smashing success and is only gaining traction.
Can we take a page from their book? In my opinion, we're just as
entitled to the phrase
Designing with Web Standards as they are.
We have a three legged stool too: HTTP, URIs, and XML. Except
our stool is more like a three legged dog - you can get around but it is
not quite optimal. Why is this?
My feeling is that we haven't done a good enough job of showing examples of what the correct use of HTTP, URIs, and XML looks like in the real world. Joe Gregorio's excellent column aside, there just is not a lot of here's-how-you-get-shit-done-with-http type content available on the web, led alone books or magazine articles. We're amazingly talented at pointing out when something is being done wrong (e.g. WS-*, non-safe/idempotent GET, incorrect charset, etc.) but we suck at showing how to do it right in the first place.
To Hell With Bad Web Frameworks
Why are we having such a hard time showing correct use of HTTP and URIs?
Because our tools suck. How are we suppose to show how to use HTTP and
URIs properly when the tools and frameworks actively discourage
practicing standards? Our incessant ranting on correct use of
web technology is filed by many into the
not living in the real
world drawer. We're assholes.
In many ways this is the same battle that the Designing with Web Standards crowd has been fighting with their tools - the browsers. How can you preach standard use of (X)HTML, DOM, and CSS when the browsers have such poor support for them? Those guys drew a line and said To Hell With Bad Browsers and it's paying off. I think we need to take on a similar attitude and start expecting more from our web frameworks.
Every web framework I've ever worked with (Apache, CGI, Java Servlets, Quixote, Webware, Ruby on Rails, PHP, ASP.NET, CherryPy) were extremely limited in their support for the full set of capabilities provided by HTTP.
For instance, which frameworks ...
Help implement content negotiation properly?
Provide facilities for implementing a smart caching strategy for dynamic content? (proper use of
Make dealing with media types easy?
Make dealing with character encodings easy?
Encourage the use of standard HTTP authentication schemes?
Have a sane mechanism for attaching different behavior to different verbs for a single resource?
Help ensure that URIs stay cool?
Make dealing with transfer encodings (gzip, compress, etc.) easy?
Help you use response status codes properly? (e.g. Nearly all dynamic content returns either a 200 or 500).
Sure, some frameworks have tricks for portions of the list but there
should be documented, well-thought-out mechanisms for implementing these
facets of HTTP. Let's face it, if you want to do something outside of
exposing well-known static representation types from disk for GET, or
application/x-www-urlencoded data via POST, you're off the
radar for most web frameworks. I'm not saying that other things aren't
possible, I'm saying they aren't supported well.
To sum up, we need a good implementation of HTTP/1.1 that provides a real framework for building standards based web applications. We then need to advocate and illustrate the correct use of HTTP/URIs/XML as a killer technology that has been hiding right under our noses by showing the benefits of using the system correctly. Until we get this stuff straightened out, expecting people to use GET properly is unrealistic.
Sidebar: I just noticed that Leigh Dodds beat me to it:
[Udell] then continues by exploring the ease of using GET versus POST on the client-side. I think the fault actually lies on the server-side. Specifically, with existing web applications frameworks.