1 post • joined 30 Mar 2009
GET and POST
Those demonstrations have to submit the cross-site requests as HTTP GET, because they're images and redirects (which happen automatically). But the requests being made are state-changing, so they should be POSTs (requiring user interaction). How would a check in the website's server-side form processing for GET vs POST (or for the HTTP referrer, for that matter) inconvenience the user?
- Elon Musk's LEAKY THRUSTER gas stalls Space Station supply run
- Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
- FOUR DAYS: That's how long it took to crack Galaxy S5 fingerscanner
- Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
- Did a date calculation bug just cost hard-up Co-op Bank £110m?