On 29 Dec 2011, at 10:40, Bryan Petty wrote:

> Looks like a fairly stripped down SaaS solution with a little extra
> provided through an API that most carts don't have (which is nice, but
> POST-only requests? doesn't make much sense if it's all over SSL
> anyway, not actually RESTful at that point).

POST-only makes a lot of sense. It cuts down on the potential for cross-site scripting problems, since it's more difficult to XSS a POST than a GET. For a GET, you can XSS it with a simple IMG tag.

Anyway, it's not uncommon to require POST requests when security is an issue.

Steve
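
The method restriction described in the reply above, as an added example that is not part of the original message or of the API being discussed: a hypothetical WSGI endpoint that answers anything other than POST with 405 and reads parameters from the request body only. The names `api_app` and `call`, the `item` field and the size limit are assumptions made for illustration.

```python
import io
from urllib.parse import parse_qs
from wsgiref.util import setup_testing_defaults

MAX_BODY = 4096  # constructed limit for this example
TEXT = [("Content-Type", "text/plain")]


def api_app(environ, start_response):
    """Hypothetical POST-only cart endpoint (illustration, not a real API)."""
    if environ.get("REQUEST_METHOD") != "POST":
        # An IMG tag or a followed link always issues a GET, so it stops here.
        start_response("405 Method Not Allowed", [("Allow", "POST")] + TEXT)
        return [b"POST required\n"]
    try:
        length = int(environ.get("CONTENT_LENGTH") or 0)
    except ValueError:
        length = -1
    if length < 0 or length > MAX_BODY:
        start_response("400 Bad Request", TEXT)
        return [b"bad length\n"]
    # Parameters come from the request body only; QUERY_STRING is never read,
    # so values placed in a URL do not reach the handler.
    raw = environ["wsgi.input"].read(length)
    form = parse_qs(raw.decode("utf-8", "replace"))
    item = form.get("item", [""])[0]
    if not item:
        start_response("400 Bad Request", TEXT)
        return [b"missing item\n"]
    start_response("200 OK", TEXT)
    return [("added %s\n" % item).encode("utf-8")]


def call(method, query="", body=b""):
    """Drive api_app in-process with a constructed request."""
    environ = {
        "REQUEST_METHOD": method,
        "QUERY_STRING": query,
        "CONTENT_LENGTH": str(len(body)),
        "wsgi.input": io.BytesIO(body),
    }
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)

    payload = b"".join(api_app(environ, start_response))
    return seen["status"], seen["headers"], payload
```
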
