top | item 45348825

(no title)

As others mentioned, GET requests are supposed to be idempotent, i.e., you can send the same request 100 times and get the same response (with no server side-effects) 100 times.

GET requests are also easier to be abused in Cross Site Request Forgery (CSRF) attacks. Modern countermeasures in browsers (like SameSite cookies) will protect cross-origin POST and other state-changing methods, but will largely allow GET requests to go through while carrying session cookies.

discuss

No comments yet.