by codetrotter 676 days ago
I remember many years ago when I used to read print magazines about programming and web development.

One of those magazines told a story about a web site that had lost a lot of data. What had happened? Well, somehow they had this page that

1. Required no authentication at all, and

2. Was using links like

  <a href="/path/to/file?action=delete">Delete file</a>

And so the Google web crawler had come across this page and happily visited each and every one of those links.

That’s when I learned about the importance of using forms with POST requests for certain actions instead of using links that send GET requests.

And then some years later someone told me about this thing called HATEOAS and about RESTful APIs and that actually there are different HTTP verbs you can use other than just GET and POST. Like for example

  DELETE /path/to/file

As for your question about how someone is supposed to learn that these days?

Ideally whatever web development tutorials or courses or books they are using would at some point tell them about the different HTTP verbs that exist, and how and when to use each of them, and crucially tell them about the bad consequences of using GET for anything that has side effects like logging out a session or deleting a file.
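The failure described in the comment above, next to a handler that avoids it, as an added example that is not part of the original comment. The handler names, paths and in-memory file store are hypothetical, and the crawler is simulated as an anonymous client that sends GET to every link.

```python
# Added example: in-memory stand-in for a file-management web app.
# All names (handle_vulnerable, handle_hardened, the paths) are hypothetical.
from urllib.parse import urlsplit, parse_qs

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # RFC 9110: safe methods must not change state


def handle_vulnerable(files, method, url, user=None):
    """The pattern from the story: no auth, delete triggered by a plain link."""
    parts = urlsplit(url)
    action = parse_qs(parts.query).get("action", ["view"])[0]
    if action == "delete":
        files.pop(parts.path, None)  # side effect on any method, including GET
        return 200
    return 200 if parts.path in files else 404


def handle_hardened(files, method, url, user=None):
    """Safe methods only read; deletion needs DELETE and a logged-in user."""
    parts = urlsplit(url)
    if method in SAFE_METHODS:
        # Query parameters such as ?action=delete are ignored on safe methods.
        return 200 if parts.path in files else 404
    if method != "DELETE":
        return 405  # Method Not Allowed
    if user is None:
        return 401  # authentication required
    if parts.path not in files:
        return 404
    del files[parts.path]
    return 204


def crawl(handler, files, links):
    """Simulate a crawler: anonymous GET on every link it finds."""
    for link in links:
        handler(files, "GET", link)
    return sorted(files)


def demo():
    links = ["/docs/a.txt?action=delete", "/docs/b.txt?action=delete"]
    store = {"/docs/a.txt": b"a", "/docs/b.txt": b"b"}  # constructed sample data
    lost = crawl(handle_vulnerable, dict(store), links)
    kept = crawl(handle_hardened, dict(store), links)
    return lost, kept


if __name__ == "__main__":
    print(demo())
```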