
I know which phrase you're referring to, but if you read it in context, it's apparent this is an exception case, because the very same section talks about cacheable, stateless requests and responses.

All of REST's constraints are about encouraging cacheability and "visibility" to intermediaries. Intermediaries should in most cases be able to see which resource is being requested/returned, read the method, read the content-type and other headers.

All of this is not available during an HTTPS session. So "HTTP + a bit of HTTPS" is REST + a dose of realism.

But "HTTPS-only" is something else entirely.



I think we are in dramatic agreement?

HTTPS = breaking caching.

User Authentication = returning different results for per-resource queries, which is RESTful.


I'm afraid we're not in a dramatic agreement. You point to an exception which REST allows to claim the exception is RESTful.

The exception is there for practical reasons and it doesn't satisfy REST's constraints nor benefit from REST's properties.

Either way, my point's been exhausted, so, I'll shut up now ;)



