1 post • joined 30 Mar 2009
GET and POST
Those demonstrations have to submit the cross-site requests as HTTP GET, because they're images and redirects (which happen automatically). But the requests being made are state-changing, so they should be POSTs (requiring user interaction). How would a check in the website's server-side form processing for GET vs POST (or for the HTTP referrer, for that matter) inconvenience the user?
- Updated Hidden network packet sniffer in MILLIONS of iPhones, iPads – expert
- Students hack Tesla Model S, make all its doors pop open IN MOTION
- RISE of the Jesus Phone MOUNTAIN: Apple orders 80 MILLION 'Air' iPhone 6s
- BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
- PROOF the Apple iPhone 6 rumor mill hype-gasm has reached its logical conclusion