I was told to never do write operations with GET request. and that search engines and other bots would follow and activate them. Assuming all write operations require a login would there be a problem having get request as a link?
+5
A:
Writing with a GET violates REST. There are more fundamental and philosophical reasons for doing this than just because a bot will follow them. That doesn't mean that it's not allowed though.
The reason a GET should not cause a write operation is that in a RESTful service, there is an implicit agreement that GETs are "safe", and will not cause anything to happen remotely. A GET is just for getting information. If you want to send information, use POST.
Skilldrick
2010-03-02 13:33:15
+1 for mentioning both the good reasons to follow the law and that the law isn't absolute.
Joachim Sauer
2010-03-02 13:41:52
acidzombie24
2010-03-02 13:44:39
Can you not use a POST here?
Skilldrick
2010-03-02 13:47:59
i could but i dont see the problem with get since logouts also do write actions (depending on the webapp). I like get since if the user logged out i can ask for a login and not have him redo the watch action. -edit- i guess i could use post since the RandomCookieValueSoImageCantTriggerThis is likely to change every login.
acidzombie24
2010-03-02 14:02:40
If writing with GET is against REST, then how do you suggest tracking the number of views for a certain article or forum post? I can't see any other way.
Lotus Notes
2010-05-21 19:52:00
+1
A:
Not only bots, but regular browsers behave differently for GET request. When you use "back" button on a page that uses POST, most browsers give you a warning that resending the request will do (presumed) write operation again. There is no such thing with GET, because it's presumed that GET does not change anything.
che
2010-03-02 13:38:04
+1
A:
A login will not protect a user from the danger of link prefetching done by their browser, browser add-ons (including link previewers), "web accelerator", or even proxy server.
David Kolar
2010-04-30 14:19:07
d'oh. What about GET with ajax? thankfully i took advice and changed them to post but i would love to know if you know if web accelerators will grab data with ajax get
acidzombie24
2010-04-30 23:26:49
@acidzombie24 I've never heard of that happening, and would imagine it to be less likely, but any data-changing GET request could bite you, AJAX or not. If a browser makes a request that ends up in a cache, that cache has the potential to be silently "refreshed" as a performance aid, for example. I'm not saying this is likely. Just that there's no need to worry about all of these crazy scenarios with POST—that's why it's there.
David Kolar
2010-05-03 20:25:48