
GET vs. POST does it really really matter?

Tags: http, asp.net

Ok, I know the difference in purpose. GET is to get some data. Make a request and get data back. POST should be used for CRUD operations other than read I believe. But when it comes down to it, does the server really care if it's receiving a GET vs. POST in the end?

PositiveGuy asked Jul 08 '09 20:07


2 Answers

According to the HTTP RFC, GET should not have any side-effects, while POST may have side-effects.

The most basic example of this is that GET is not appropriate for anything like a purchase-transaction or posting an article to a blog, while POST is appropriate for actions-that-have-consequences.

By the RFC, you can hold a user responsible for actions done by POST (such as a purchase), but not for GET actions. 'Bots always use GET for this reason.

From the RFC 2616, 9.1.1:

9.1.1 Safe Methods

Implementors should be aware that the software represents the user in their interactions over the Internet, and should be careful to allow the user to be aware of any actions they might take which may have an unexpected significance to themselves or others.

In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.

Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.

abelenky answered Sep 20 '22 08:09


It does if a search engine is crawling the page, since they will be making GET requests but not POST. Say you have a link on your page:

http://www.example.com/items.aspx?id=5&mode=delete

Without some sort of authorization check performed before the delete, it's possible that Googlebot could come in and delete items from your page.

John Rasch answered Sep 18 '22 08:09
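An added example, not part of either answer: a small Python WSGI handler (standing in for the ASP.NET page) in which a crawler's GET to the `id=5&mode=delete` link only retrieves, and the delete happens only on an authorized POST. The `ITEMS` store, `API_TOKEN` and the `request` helper are assumptions made up for the demonstration.

```python
import hmac
from urllib.parse import parse_qs

ITEMS = {5: "constructed sample item"}  # constructed in-memory data store
API_TOKEN = "example-token"             # hypothetical credential for the demo


def _reply(start_response, status, text, extra=()):
    body = text.encode()
    start_response(status, [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body))), *extra])
    return [body]


def app(environ, start_response):
    """GET/HEAD only retrieve; a delete needs an authorized POST."""
    method = environ["REQUEST_METHOD"]
    query = parse_qs(environ.get("QUERY_STRING", ""))
    try:
        item_id = int(query.get("id", [""])[0])
    except ValueError:
        return _reply(start_response, "400 Bad Request", "bad id")
    if method in ("GET", "HEAD"):
        # Safe methods: any mode=delete in the URL is ignored.
        if item_id not in ITEMS:
            return _reply(start_response, "404 Not Found", "no such item")
        return _reply(start_response, "200 OK", ITEMS[item_id])
    if method != "POST":
        return _reply(start_response, "405 Method Not Allowed", "",
                      [("Allow", "GET, HEAD, POST")])
    # Unsafe method: check authorization before any side effect.
    supplied = environ.get("HTTP_AUTHORIZATION", "")
    if not hmac.compare_digest(supplied, "Bearer " + API_TOKEN):
        return _reply(start_response, "401 Unauthorized", "login required")
    if query.get("mode") == ["delete"] and ITEMS.pop(item_id, None) is not None:
        return _reply(start_response, "200 OK", "deleted")
    return _reply(start_response, "400 Bad Request", "nothing to do")


def request(method, query, token=None):
    """Drive the app in-process, as a crawler or client would over HTTP."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "QUERY_STRING": query}
    if token:
        environ["HTTP_AUTHORIZATION"] = "Bearer " + token
    body = app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(body).decode()
```

Calling `request("GET", "id=5&mode=delete")` returns the item and leaves `ITEMS` unchanged, which is what a crawler following the link would see.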