Get safe

```html
<!-- Viewing an item is safe, so a plain link (a GET request) is the right tool -->
<a href="/items/id">

<!-- Editing an item changes data, so the form must submit with POST -->
<form method="post" action="/items/id/edit">

<!-- Searching changes nothing, so a GET form is right: its fields become the query string -->
<form method="get" action="/search">
<input type="search" name="term">

<!-- Submitting that search form produces a bookmarkable, repeatable URL -->
/search?term=value
```
  • “Log out” links that should be forms with a “log out” button — you can always style it to look like a link if you want.
  • “Unsubscribe” links in emails that immediately trigger the action of unsubscribing instead of going to a form where the POST method does the unsubscribing. I realise that this turns unsubscribing into a two-step process, which is a bit annoying from a usability point of view, but a destructive action should never be baked into a GET request.
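The rule behind both bullets (GET must be safe; anything that changes state goes through POST) is easy to enforce server-side. The following is an added example, not code from the article or from adactio.com: a tiny in-memory request dispatcher with hypothetical routes (`/search`, `/items/<id>`, `/items/<id>/edit`, `/logout`, `/unsubscribe`) and a constructed `STATE` dictionary standing in for a database. A GET to `/logout` or `/unsubscribe` only renders the confirmation form from the first bullet; the actual change happens on POST, which is the two-step flow the second bullet describes.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for application state (assumption, not from the article).
STATE = {"subscribed": True, "logged_in": True, "items": {"42": "Widget"}}


def handle(method, url, form=None):
    """Dispatch one request and return (status, body).

    Invariant enforced here: a GET request never mutates STATE. Browsers,
    prefetchers, link checkers and email scanners all issue GETs freely,
    so a GET that unsubscribes or logs out would fire without the user
    ever choosing to. Routes are hypothetical, chosen for this example.
    """
    parts = urlsplit(url)
    path, query = parts.path, parse_qs(parts.query)
    form = form or {}

    if path == "/search":
        # A GET form sends its fields as the query string: /search?term=value.
        # Safe to repeat, bookmark or share, because nothing changes.
        term = query.get("term", [""])[0]
        hits = [name for name in STATE["items"].values() if term.lower() in name.lower()]
        return 200, f"{len(hits)} result(s) for {term!r}"

    if path.startswith("/items/"):
        item_id, _, action = path[len("/items/"):].partition("/")
        if item_id not in STATE["items"]:
            return 404, "no such item"
        if action == "" and method == "GET":
            # Viewing: a plain link is enough.
            return 200, STATE["items"][item_id]
        if action == "edit":
            if method != "POST":
                # Editing changes data, so refuse to do it on GET.
                return 405, "editing changes data: POST only"
            STATE["items"][item_id] = form.get("name", STATE["items"][item_id])
            return 303, f"/items/{item_id}"
        return 404, "unknown action"

    if path in ("/logout", "/unsubscribe"):
        key = "logged_in" if path == "/logout" else "subscribed"
        if method == "GET":
            # Step one: show a form with a button (style it like a link if you wish).
            # Nothing has changed yet, so following this link is harmless.
            return 200, f'<form method="post" action="{path}"><button>Confirm</button></form>'
        if method == "POST":
            # Step two: the destructive action, only ever on POST.
            STATE[key] = False
            return 303, "/"
        return 405, "GET or POST only"

    return 404, "not found"
```

The same split applies whatever framework you use: read-only routes answer GET, routes that change anything answer POST (and reject GET with 405), and the confirmation page is the only thing a GET to a destructive URL ever produces.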


A web developer and author living and working in Brighton, England. Everything I post on Medium is a copy — the originals are on my own website, adactio.com

Jeremy Keith