|
|
|
|
|
|
by app
5625 days ago
|
|
|
There are two additional security features POST has that GET does not: 1- POSTs cannot be forwarded 2- some browsers (webkit only I believe) require a client to interact with a domain before they can POST to it-- this means iframes cannot POST. When it comes to XSRF, they are equally (in)secure. |
|
|