HTTP Abuse and Leonardo


Jon Udell started it with his article End HTTP Abuse and Leigh Dodds and Ryan Tomayko continue.

Jon Udell is focused on misuse of GET versus POST, arguing that if client-side toolkits made it easier to POST, then GET wouldn't be misused by developers on the server-side. Jon seems to give server-side developers the benefit of the doubt more than I would. I'm with Leigh that it's the server-side frameworks that need to improve.

Both Leigh and Ryan go further with the kinds of things a server-side framework needs to do well including:

Maybe getting these right in a Python web framework is what will help push Python as a language for Web applications.

I'm trying hard to do the Right Thing in Leonardo (which is actually shaping up to be another Python web framework for better or worse). I've done a bad job in some areas (which I hope to fix) but I think I've done an okay job with things like status codes and URI design.

One thing I hate having to do is overcome the lack of HTML forms support for PUT and DELETE by having two URIs /put and /delete that you POST to when you want to PUT the contents of a textarea as a resource or want to DELETE a resource.

I also need to work out how best to do authentication, rather than using cookies like I do (and almost everyone else does).