HTTP Safety Doesn't Happen by Accident(robots.thoughtbot.com) |
HTTP Safety Doesn't Happen by Accident(robots.thoughtbot.com) |
The distinction between safe and unsafe is not only useful for things like prefetching or caching but also for csrf. State mutation (whether intentional or accidental) on get requests can totally undermine your site's web security.