Why are there GET and POST requests in AJAX as it does not affect page URL anyway? What difference does it make by passing sensitive data over GET in AJAX as the data is not getting reflected to page URL?
+12
A:
Well, as for GET, you still have the url length limitation. Other than that, it is quite conceivable that the server treats POST and GET requests differently; thus the need to be able to specify what request you're doing.
David Hedlund
2009-12-09 10:25:59
Also, you can use both request types when developing application. For most of them `is_ajax` flag is enough. Better to have such choice then not to have.
Vasiliy Stavenko
2009-12-09 10:30:59
I am accepting dnl.vssll's answer because GET url length limitation is not imposed by HTTP or AJAX, you can check this answer for that http://stackoverflow.com/questions/812925/what-is-the-maximum-possible-length-of-a-query-string . Its limited by browser/server and why its limited is really a point of discussion .. as HTTP is text based, browser sends HTTP request as a whole.. It includes query string, so if there is no limit on length of request(Assuming ideal case) what is the point in limiting query string ?
Xinus
2009-12-12 12:55:46
i wasn't making an argument to defend the lenght limit, i was just stating that it was there, and that you'll have to consider it, because when doing web development, you really can't afford to disregard of *browsers*. but hey, you don't need to motivate your accepts; dnl's reply was a good one as well =)
David Hedlund
2009-12-12 15:33:46
The length limit is a very valid point in practice as well. I totally agree with David on the "can't afford the disregard of browsers".
Daniel Vassallo
2009-12-12 17:48:57
+4
A:
Two primary reasons for having them:
GETrequests have some pretty restrictive limitations on size;POSTare typically capable of containing much more information.The backend may be expecting
GETorPOST, depending on how it's designed. We need the flexibility of doing aGETif the backend expects one, or aPOSTif that's what it's expecting.
T.J. Crowder
2009-12-09 10:26:48
+21
A:
You should use the proper HTTP verb according to what you require from your web service.
When dealing with a Collection URI like: http://example.com/resources/
GET: List the members of the collection, complete with their member URIs for further navigation. For example, list all the cars for sale.
PUT: Meaning defined as "replace the entire collection with another collection".
POST: Create a new entry in the collection where the ID is assigned automatically by the collection. The ID created is usually included as part of the data returned by this operation.
DELETE: Meaning defined as "delete the entire collection".
When dealing with a Member URI like: http://example.com/resources/7HOU57Y
GET: Retrieve a representation of the addressed member of the collection expressed in an appropriate MIME type.
PUT: Update the addressed member of the collection or create it with the specified ID.
POST: Treats the addressed member as a collection in its own right and creates a new subordinate of it.
DELETE: Delete the addressed member of the collection.
Source: Wikipedia
Daniel Vassallo
2009-12-09 10:26:54
+1
A:
You normally send parameters to the AJAX script, it returns data based on these parameters. It works just like a form that has method="get" or method="post". When using the GET method, the parameters are passed in the query string. When using POST method, the parameters are sent in the post body.
Generally, if your parameters have very few characters and do not contain sensitive information then you send them via GET method. Sensitive data (e.g. password) or long text (e.g. an 8000 character long bio of a person) are better sent via POST method.
Salman A
2009-12-09 11:13:36
AFAIK GET and POST methods differ only in their request format, so I don't think POST is more secure than GET. GET is considered insecure because parameters get reflected to url but AJAX overcomes that problem. Also all modern browsers do not limit amount of data we can send via GET request.. .. Only possible explanation I could see from responses is AJAX is designed to exist with well established HTTP protocol.. which is logical.
Xinus
2009-12-09 12:04:45
@Xinus: Last I heard, both browsers *and* servers still imposed significant URL length (e.g., `GET`) limits, as does the HTTP spec IIRC. Can you post a reference for your statement that they don't?
T.J. Crowder
2009-12-09 12:40:39
You are right. But the reason why some people consider POST to be *slightly* more secure than GET is because GET parameters might get stored in various locations, including server logs and browser history as URLs. POST does not have this issue.
Salman A
2009-12-09 14:39:54
A:
Others have covered the main points (context/idempotency, and size), but i'll add another: encryption. If you are using SSL and want to encrypt your input args, you need to use POST.
ss ulrey
2009-12-09 17:17:37
+1
A:
Another difference between GET and POST is the way caching is handled in browsers. POST response is never cached. GET may or may not be cached based on the caching rules specified in your response headers.
Chetan Sastry
2009-12-10 19:41:37
A:
When we use GET method in AJAX,only the content of the value of the field is sent ,not the format in which the content is.For example ,content in text area is just added in url in case of GET method(without new line character).That is not the case in POST method.
ashish kumar
2009-12-31 05:49:24
A:
Thanks.. I mainly use GET method with ajax and I haven't got any problems until now except the following: IE (unlike FF and Google Chrome) cache GET calling if using same GET values. So, using some interval with ajax GET can show same results unless you change URL with irrelevant random number usage for each ajax GET.
Ecommerce website development
2010-01-21 17:01:33