POST vs. GET is a little bit of a red herring anyways, since either method works... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tptacek on Sept 23, 2010 | parent | context | favorite | on: Security Lessons Learned From The Diaspora Launch

POST vs. GET is a little bit of a red herring anyways, since either method works for CSRF. (I'm adding to your comment, not amending it).

jharrison on Sept 23, 2010 [–]

I'm certainly not qualified to argue with you on anything security related (nor would I want to). I'm simply clarifying Rails default handling of destructive actions which is probably semi-offtopic.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact