Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

IMO apps that do this have a bug, and possibly a security one. This causes issues with prefetching, bot traffic, caching, CSRF, and just plain violates HTTP standards.


Not really. If I have a service where I need one click to perform an action and store data. It has to be a GET. You can’t post from a url… purist dogma for the sake of purist dogma


One click to perform an action and store data? Have you heard of HTML forms with method="post"?


Agreed. Those methods should be treated as idempotent.


> Those methods should be treated as idempotent

Idempotency still implies it can change state on the initial call, which to me feels wrong in the context of GET/HEAD/OPTIONS.


Indeed, the correct term here is nullipotent.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: