|
|
|
|
|
|
by cphoover
1477 days ago
|
|
|
You don't need a `HTTP POST` to update server state this can be done with cookies/headers or the uri (granted doing so in the URI is a CSRF risk). Point being, client originated updates are an inevitability as long as we allow variable data to be passed from the client to the server. |
|
|