On 2/24/12 4:34 PM, Richard Lynch wrote:
On Fri, February 24, 2012 4:16 pm, Larry Garfield wrote:
On 2/24/12 3:28 PM, Richard Lynch wrote:
Because GET and POST are not even remotely the same thing and treating
them as completely interchangeable is a bug in the first place.
We'll have to agree to disagree here.
To me, it's just a request for some content, and in a REST API that's
read-only, I just don't care if the consumer sends their request as
GET or POST. I'll cheerfully give them what they wanted.
Except that per HTTP, GET and POST are completely different operations.
One is idempotent and cacheable, the other is not idempotent and not
cacheable. I very much care which someone is using.
As Will said in the other reply, there's security implications. (I
don't know who suggested that POST is more secure than GET. I certainly
didn't.) You want your login form operating over POST, not GET, in
large part for the reasons above.
--Larry Garfield
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
