Module 3: Checkpoint 5—Appropriate use of HTTP methods
Conformance: Mandatory |
Requirements
HTTP methods must be used appropriately.
Benefits of conformance
- Appropriate use of the GET method:
- all important information can be indexed by search engines
- addressability is maintained for important information ensuring the information can be linked to and/or bookmarked by users
- deep linking to content is supported.
- Appropriate use of the POST method:
- a consistent, quality experience for users of the site
- increased site credibility and levels of user trust
- the functionality of the browser's back button is maintained.
Risks of non-conformance
- Inappropriate use of the POST method:
- some information on the site will not be included in search engine results pages
- some important information cannot be linked to, bookmarked or otherwise shared (deep linking is prevented).
- Inappropriate use of the GET method:
- reduced site credibility and levels of user trust
- potentially unsafe actions can be triggered unknowingly and/or repeatedly by users or automated software (user agents).
Implementation advice
Explanation
Best practice for content pages is to support use of the HTTP GET method on a unique URL to reliably return the unique content for that URL.
Basic HTML links use the GET method by default but there are ways to override this behaviour to the detriment of the website and the user experience.
For example:
Re-use of a URL to present different content resources based on session identifiers, POST data, cookies or other techniques for saving state cause difficulties for search engines and users and can introduce serious security and privacy issues.
Best practice for handling form submissions dictates that:
- the user should be able to return to the page containing the form they submitted using only a single click of their browser software's back button:
- when a user is returned to the form page, the form should still contain the data the user submitted (modern user agents provide this behaviour by default).
- if the action is safe, the resultant page should be directly addressable (so the result page URL can be emailed or bookmarked).
See the Processing a form submission section from the HTTP status message guidelines for further information about how to handle form submissions.