Hacker News new | ask | show | jobs
by chrisfosterelli 317 days ago
IMO apps that do this have a bug, and possibly a security one. This causes issues with prefetching, bot traffic, caching, CSRF, and just plain violates HTTP standards.
2 comments
pinoy420 316 days ago
Not really. If I have a service where I need one click to perform an action and store data. It has to be a GET. You can’t post from a url… purist dogma for the sake of purist dogma
link
FireInsight 316 days ago
One click to perform an action and store data? Have you heard of HTML forms with method="post"?
link
pstuart 316 days ago
Agreed. Those methods should be treated as idempotent.
link
almog 316 days ago
> Those methods should be treated as idempotent

Idempotency still implies it can change state on the initial call, which to me feels wrong in the context of GET/HEAD/OPTIONS.

link
Mavvie 316 days ago
Indeed, the correct term here is nullipotent.
link