joemfb / ml-common-ng

An angular module of common components for the MarkLogic REST API
https://joemfb.github.io/ml-common-ng/

Use POST method instead of GET #21

Open grtjn opened 8 years ago

grtjn commented 8 years ago

For extra security when running over HTTPS, request params should be avoided in the URL, and sent over the request body whenever possible. Consider always using POST for /v1/search, /v1/values, etc.

joemfb commented 8 years ago

What's the security advantage of POST over GET? With HTTPS, URL params are encrypted...

grtjn commented 8 years ago

My first thought was that it was to get URL params encrypted, but they are already. Reading further in the recommendations, it is about reading URL params from browser cache using JavaScript. Maybe not too big an issue with read-only requests like search and values, but it does make security audits squeak...

joemfb commented 8 years ago

Could I see those details from the audit? (maybe through another channel)