Google Web Accelerator and PHP
24 May 2005You've probably heard about the new Google Web Accelerator, but if you're like me, you haven't bothered to try it out or give it much thought. After all, it can't possibly be worth running Windows. If you develop PHP applications, however, you might want to pay attention.
There is a particular section of the HTTP specification that is frequently violated. Section 9.1.1 of RFC 2616 states the following:
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
What does this mean? If you use $_REQUEST, rely on register_globals, or deliberately use $_GET to process a request that performs some action (other than retrieval), then you're violating the HTTP specification, because a GET request can potentially perform that action. If your page contains links that perform an action (when followed), then the Google Web Accelerator is going to cause you problems. You can already find complaints about this. Of course, the developers complaining are the ones to blame, not Google.
The moral of the story is to adhere to the HTTP specification. If you want to play the web game, you have to play by the rules.