weixin_33709590 2020-03-26 17:18 Acceptance rate: 0%

AJAX POST vs. GET

I'm wondering if it really makes any difference if I use GET or POST in my AJAX calls.

I'm using AJAX to delete an item with a specified ID. Somehow, POST seemed like it was a more fitting choice. But with Razor Pages, an AJAX POST requires several steps to work around cross-site request forgery measures.

Does it make any difference if I just GET or POST here? Or are there any anti-patterns I'm hitting if I don't?


  • 笑故挽风 2020-03-26 17:42

    There are many perspectives from which to answer your question "Does it make any difference if I just GET or POST here?" In short, YES it makes a difference.

    GET and POST are both susceptible to CSRF attacks. By using a GET you are creating a wider attack surface. For example, an IMG tag in an email could run your DELETE API on an unsuspecting user. Using a POST makes it less trivial. You'd be better off using POST without supporting anti-forgery than by using GET. Ideally, you're using POST with anti-forgery tokens.

    Other considerations can include:

    • How the cache handles this request
    • Adherence to REST principles (assuming you intend to have a "REST"ful/like design)
    • It's usually assumed that a GET doesn't directly manipulate server-side state
    • In theory, a URL identifies the location of a resource; if you delete that resource with a GET, what happens the next time you call the GET?
    • A GET won't be protected by CORS because it's assumed to not modify state; the browser will execute the GET and just not return the response to the offending site. With a POST, the browser will run a CORS preflight check using the OPTIONS verb to make sure the request is allowed by the CORS policy returned by your server prior to your server receiving a request with the verb POST.
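The two checks the answer recommends (no state change on GET, an anti-forgery token on POST), modelled as an added example that is not part of the original answer and is not ASP.NET Core's code. `handleDelete`, the in-memory `items` and `sessions` maps and the request shape are hypothetical; the header name is assumed to follow ASP.NET Core's default, `RequestVerificationToken`.

```javascript
// Added example: a model of the server-side decision for a delete endpoint.
// Web Crypto is global in current Node and in browsers; fall back for older Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const HEADER = 'requestverificationtoken'; // assumed header name, lower-cased
const items = new Map([[7, 'constructed sample item']]);
const sessions = new Map(); // sessionId -> anti-forgery token issued with the page

// Called when the page is rendered; the token is embedded in the page,
// so only script running on your own origin can read it back.
function issueToken(sessionId) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const token = Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
  sessions.set(sessionId, token);
  return token;
}

// Compare every character instead of stopping at the first mismatch.
function sameToken(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, sessionId, headers, id }. Returns an HTTP status code.
function handleDelete(req) {
  // Refuse state changes on GET, so a URL loaded by an <img> tag cannot delete.
  if (req.method !== 'POST') return 405;
  // The session cookie travels automatically with the request; the header does not.
  const expected = sessions.get(req.sessionId);
  if (!expected) return 401;
  if (!sameToken(req.headers[HEADER], expected)) return 400;
  return items.delete(req.id) ? 204 : 404;
}
```
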
