On Fri, Feb 24, 2012 at 2:40 PM, Larry Garfield <la...@garfieldtech.com> wrote: >> To me, it's just a request for some content, and in a REST API that's >> read-only, I just don't care if the consumer sends their request as >> GET or POST. I'll cheerfully give them what they wanted. > Except that per HTTP, GET and POST are completely different operations. One > is idempotent and cacheable, the other is not idempotent and not cacheable. > I very much care which someone is using.
People exploiting security would *never* think of caching/replaying/modifying a POST request, that's just totally unimaginable! It would take, like HUGE computational effort to like, cURL it or just type it out! er, no. -Ronabop -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
