top | item 44507930 (no title) buzzy_hacker | 7 months ago https://news.ycombinator.com/item?id=3742902 discuss order hn newest bmacho|7 months ago Indeed, user embedded pictures can fire GET requests while can not make POST requests. But this is not a problem if you don't allow users to embed pictures, or you authenticate the GET request somehow. Anyway GET requests are just fine. TekMol|7 months ago The same would have worked with a POST endpoint.The story url only would have to point to a web page that creates the upvote post request via JS. Scarblac|7 months ago That runs into CORS protections though.CORS is a lot less strict around GET as it is supposed to be safe. load replies (1)
bmacho|7 months ago Indeed, user embedded pictures can fire GET requests while can not make POST requests. But this is not a problem if you don't allow users to embed pictures, or you authenticate the GET request somehow. Anyway GET requests are just fine.
TekMol|7 months ago The same would have worked with a POST endpoint.The story url only would have to point to a web page that creates the upvote post request via JS. Scarblac|7 months ago That runs into CORS protections though.CORS is a lot less strict around GET as it is supposed to be safe. load replies (1)
Scarblac|7 months ago That runs into CORS protections though.CORS is a lot less strict around GET as it is supposed to be safe. load replies (1)
bmacho|7 months ago
TekMol|7 months ago
The story url only would have to point to a web page that creates the upvote post request via JS.
Scarblac|7 months ago
CORS is a lot less strict around GET as it is supposed to be safe.