Y
Hacker News
new
|
ask
|
show
|
jobs
by
rlucas
4695 days ago
No, you're missing that the original GET requests can be performed in some cases over HTTP, either by forgery or by surreptitiously spoofing the user's own browser into doing it. No need to have compromised the SSL/TLS.