The safe/unsafe Web and what’s that X-Bender header?

It’s been very refreshing to see recent discussions about why/how the Web works moving away from the REST vs SOA argument, or POX vs WS, or how cool AJAX is. Here are few links to get you started:

• Don: “HTTP, XML, REST, and $100“, “coming out“, “spending the $100“, and “Sam’s two webs“
• Sam: “Two Webs“
• Dare: “The two webs“
• Tim: “WS-Crossroads“
• and many more

While re-educating myself about the Web, I’ve discovered a collection of notes on the W3C site which I highly recommend. Most of the notes (if not all) are written by Tim Burners-Lee and they capture discussions, thoughts and considerations about the architecture of the Web. It’s very interesting to examine the Web without any MEST or REST goggles on. We have to remind ourselves that the Web as we know it today worked in exactly the same way even before REST was around.

It’s worth highlighting again the importance of safe vs unsafe operations. ‘Safe’ does not mean ‘lack of side effects’ (a usual misconception which at some point I was guilty of also having) but, instead, ‘safe’ is defined as the absence of an obligation by a user to make a commitment with regards to a performed action. GET is a safe operation because of that reason and has nothing to do with the state representation of a resource. Safety is about the (lack of) conceptual flow of commitments.

And finally, something fun… As I was playing with some prototyping code related to GET, I was looking for the caching-related headers in responses from some popular sites. As I was examining the headers returned by Slashdot, I saw one called ‘X-Bender’ followed by a quote. The quote used very familiar language 🙂 After few more GETs and the appearance of another header called ‘X-Fry’, it was obvious what was going on: Slashdot returns quotes from Futurama as HTTP headers 🙂