At the beginning of May, Google launched their Web Accelerator beta. A couple of weeks later, the beta was suspended with the message "Thank you for your interest in Google Web Accelerator. We have currently reached our maximum capacity of users and are actively working to increase the number of users we can support." The Web Accelerator had been receiving a lot of criticism around the web because of some of the techniques it was using to speed up browsing, like pre-fetching. In theory, pre-fetching URLs is not a bad thing, and according to the RFCs, Google was doing the right thing. In practice, however, it caused all kinds of problems since browsers were pre-fetching links in admin applications that would do things like cause records to be automatically deleted or otherwise altered.
The problem is that, technically, we (meaning web developers) should not be using GET requests to alter data in any way. GETs should be used only to request documents and other resources, and should be entirely safe for pre-fetching. We should be using POSTs for requests that affect data, which Google’s web accelerator knows to stay away from. I’ve known this for some time, but I have generally disregarded this rule whenever it was convenient to do so. In fact, a couple weeks ago, I made a post entitled Why Distinguish Between GETs and POSTs? in which I provide a technique to combine FORM and URL ColdFusion variables into a single scope so that other ColdFusion code doesn’t have to distinguish between the two types of requests. The post got a lot of good comments about why that may not be such a good idea in a post Web Accelerator world, and I now believe this technique should only be used by people who really know what they are doing, and even then, sparingly.
Sometimes it takes events like the launch of the Web Accelerator to nudge the web forward. I’m not sure Google or anybody else is going to be able to get away with extensive pre-fetching anytime in the near future, but now that they have raised our awareness, hopefully we will work toward creating an environment where pre-fetching is safe. I’ve always known that using GETs when I should be using POSTs wasn’t kosher, but there were never any ramifications until now. Apparently, even Google is guilty of taking a shortcut here and there. I logged into Google Alerts this morning and found that I can delete and edit search terms by clicking on a simple link that performs a GET request. Good thing I didn’t have the Google Web Accelerator installed.