1 post • joined 30 Mar 2009
GET and POST
Those demonstrations have to submit the cross-site requests as HTTP GET, because they're images and redirects (which happen automatically). But the requests being made are state-changing, so they should be POSTs (requiring user interaction). How would a check in the website's server-side form processing for GET vs POST (or for the HTTP referrer, for that matter) inconvenience the user?
- Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
- Apple winks at parents: C'mon, get your kid a tweaked Macbook Pro
- SOULLESS machine-intelligence ROBOT cars to hit Blighty in 2015
- China in MONOPOLY PROBE into Microsoft: Do not pass GO, do not collect 200 yuan
- BuzzGasm! Thirteen Astonishing True Facts You Never Knew About SCREWS