rspec/rules/S3752/description.adoc

An HTTP method is safe when used to perform a read-only operation, such as retrieving information. In contrast, an unsafe HTTP method is used to change the state of an application, for instance to update a user's profile on a web application.


Common safe HTTP methods are  GET, HEAD, or OPTIONS.

Common unsafe HTTP methods are  POST, PUT and DELETE.


Allowing both safe and unsafe HTTP methods to perform a specific operation on a web application could impact its security, for example CSRF protections are most of the time only protecting operations performed by unsafe HTTP methods.
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`An HTTP method is safe when used to perform a read-only operation, such as retrieving information. In contrast, an unsafe HTTP method is used to change the state of an application, for instance to update a user's profile on a web application.`

Force linebreaks 2021-02-02 15:02:10 +01:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`Common safe HTTP methods are GET, HEAD, or OPTIONS.`
Force linebreaks 2021-02-02 15:02:10 +01:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`Common unsafe HTTP methods are POST, PUT and DELETE.`

Force linebreaks 2021-02-02 15:02:10 +01:00
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`Allowing both safe and unsafe HTTP methods to perform a specific operation on a web application could impact its security, for example CSRF protections are most of the time only protecting operations performed by unsafe HTTP methods.`