Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why should you delete using an HTTP POST or DELETE, rather than GET?

Tags:

http

asp.net-mvc

http-delete

I have been working through Microsoft's ASP.NET MVC tutorials, ending up at this page

http://www.asp.net/learn/mvc/tutorial-32-cs.aspx

The following statement is made towards the bottom of this page:

In general, you don’t want to perform an HTTP GET operation when invoking an action that modifies the state of your web application. When performing a delete, you want to perform an HTTP POST, or better yet, an HTTP DELETE operation.

Is this true? Can anyone offer a more detailed explanation for the rationale behind this statement?

Edit

Wikipedia states the following:

Some methods (for example, HEAD, GET, OPTIONS and TRACE) are defined as safe, which means they are intended only for information retrieval and should not change the state of the server.

By contrast, methods such as POST, PUT and DELETE are intended for actions which may cause side effects either on the server

like image 327
Richard Ev Avatar asked Apr 24 '09 14:04

Richard Ev

People also ask

Is http delete POST or get?

The HTTP DELETE method is used to delete a resource from the server. Unlike GET and HEAD requests, the DELETE requests may change the server state. Sending a message body on a DELETE request might cause some servers to reject the request. But you still can send data to the server using URL parameters.

Should you use http delete?

If you POST or event GET to do a DELETE, you're simply misusing HTTP methods that are clearly defined respectively as methods to create a new resource and retrieve an existing resource. Use integration tests to ensure a junior dev can't alter API behaviour.

Can we delete using HTTP GET?

However, whether you use POST or DELETE does not matter for CSRF-protection purposes. As long as you do not use GET for calls which are not safe, everything is fine.

What is the difference between POST and delete?

PUT and DELETE are in the middle between GET and POST. The difference between PUT or DELETE and POST is that PUT and DELETE are idempotent, whereas POST is not. PUT and DELETE can be repeated if necessary.

1 Answers

Jon Skeet's answer is the canonical answer. But: Suppose you have a link:

href = "\myApp\DeleteImportantData.aspx?UserID=27"

and the google-bot comes along and indexes your page? What happens then?

like image 78
Chris Cudmore Avatar answered Oct 20 '22 10:10

Chris Cudmore
Sign in to Comment

Related questions

Can I pass a parameter with the OnSuccess event in a Ajax.ActionLink
How to link HTML5 form action to Controller ActionResult method in ASP.NET MVC 4
MVC controller is being called twice
ASP.NET MVC 4 + Ninject MVC 3 = No parameterless constructor defined for this object
how to set id to Html.TextBox item on MVC
Creating custom variable in web.config file?
ASP.NET MVC - Database entities or ViewModels?
Custom html helpers: Create helper with "using" statement support
How to use a ViewBag to create a dropdownlist?
validate a dropdownlist in asp.net mvc
ASP.NET MVC 5 error handling
Json and Circular Reference Exception
Using HTML inside resource files
ASP.NET Identity and Claims
System.Web.Http missing after .net 4.5 upgrade
ASP.net MVC [HandleError] not catching exceptions
Add css class to Html.EditorFor in MVC 2
How to apply Bootstrap dropdown style to an ASP.NET MVC DropDownList?
how to generate Html.ActionLink with icon
ASP.NET MVC5/IIS Express unable to debug - Code Not Running

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!