Theoretically, it's counter to the HTTP 1.1 specification, which states that
GET requests should only return data, not change it.
In practical terms, it's a data integrity issue. Spidering isn't really a
problem if you've set up proper access control, or those links are hidden
behind a login prompt. But say a user is using something like Google Web
Accelerator. It operates on your website using their user permissions.
http://webaccelerator.google.com/webmasterhelp.html#prefetch3
-Matt
----- Original Message -----
From: "Christian Szardenings" <[EMAIL PROTECTED]>
To: <fw-general@lists.zend.com>
Sent: Wednesday, December 06, 2006 7:35 AM
Subject: Re: [fw-general] Understanding Web MVC Applications / Controller
Organization
Hi Matthew,
I would highly encourage you to delete via POST, not GET--regardless of
user permissions.
why do you recommend that? Is deleting by GET some kind of security issue?
Or is it just a 'usability' improvement (e.g. don't delete 'again' when
user hits the back button) ?
Greetings
Christian
