10 lines
589 B
Plaintext
10 lines
589 B
Plaintext
An HTTP method is safe when used to perform a read-only operation, such as retrieving information. In contrast, an unsafe HTTP method is used to change the state of an application, for instance to update a user's profile on a web application.
|
|
|
|
|
|
Common safe HTTP methods are GET, HEAD, or OPTIONS.
|
|
|
|
Common unsafe HTTP methods are POST, PUT and DELETE.
|
|
|
|
|
|
Allowing both safe and unsafe HTTP methods to perform a specific operation on a web application could impact its security, for example CSRF protections are most of the time only protecting operations performed by unsafe HTTP methods.
|