11 Matching Annotations
- Jul 2021
-
developer.mozilla.org developer.mozilla.org
-
-
Sending body/payload in a GET request may cause some existing implementations to reject the request — while not prohibited by the specification, the semantics are undefined. It is better to just avoid sending payloads in GET requests.
-
Requests using GET should only be used to request data (they shouldn't include data).
-
-
wordtothewise.com wordtothewise.com
-
So long as the filters are only using GET requests to pull down links, there’s nothing fundamentally wrong with them. It’s a basic (though oft-ignored) tenet of web development that GET requests should be idempotent; that is, they shouldn’t somehow change anything important on the server. That’s what POST is for. A lot of people ignore this for convenience’s sake, but this is just one way that you can get bitten. Anyone remember the Google Web Accelerator that came out a while ago, then promptly disappeared? It’d pre-fetch links on a page to speed up things if you clicked them later on. And if one of those links happened to delete something from a blog, or log you out… well, then you begin to see why GET shouldn’t change things. So yes, the perfect solution to this is a 2-step unsubscribe link: the first step takes to you a page with a form on it, and that form then POSTs something back that finalizes the unsubscribe request.
-
Idempotent just means that following a link twice has exactly the same effect on persistent state as clicking it once. It does not mean that following the link must not change state, just that after following it once, following it again must not change state further. There are good reasons to avoid GET requests for changing state, but that’s not what idempotent means.
https://hyp.is/JTNJ6uaLEeuFtzvtkXWaeA/developer.mozilla.org/en-US/docs/Glossary/Safe/HTTP confirms this claim and states it even more clearly.
-
-
security.stackexchange.com security.stackexchange.com
-
Arguably any link that performs such an action via GET is fundamentally broken. A proper unsubscribe should direct to a page with a form that requires a POST submission. (Of course, in the real world, few things are proper.)
-
-
softwareengineering.stackexchange.com softwareengineering.stackexchange.com
-
This is not advice. A GET is defined in this way in the HTTP protocol. It is supposed to be idempotent and safe.
-
-
- Nov 2020
-
www.thecodebuzz.com www.thecodebuzz.com
-
So before using GET with Body parameter, you must first ensure the servers are supporting it. It is possible that some servers might ignore the body of GET request or behavior like caching GET/HEAD requests might cause issues.
-
A payload within a GET request message has no defined semantics; sending a payload body on a GET request might cause some existing implementations to reject the request.
-
- Apr 2020
-
github.com github.com
-
This API uses request body in GET requests. For a long time this was prohibited in RFC2616 HTTP specification, but since RFCs 7230-7237, it is only discouraged, since older implementations could reject such requests. However, given that major APIs such as ElasticSearch's already implement GET with request bodies, there is precedence to such implementation.
My first sighting of the sending a request body with get request.
-