by homakov 5188 days ago
>Web applications make state-changing operations on GET requests. You might not like it, but they do.

But when a developer made a mistake with GET it is 100% his problem - it's out of question. He should be punished :D

2 comments

Nonsensical. CSRF isn't God's punishment for REST-lessness.
You're both just choosing different places to draw the line between developer responsibility and browser responsibility.
That is like saying "you're both just suggesting two totally different designs for the HTTP security model".

His model is wrong. Again: I assume he wants to know that, so, bluntness.