What are safe and unsafe requests?


In a HTTP security context, requests are:

  • safe if they don't have a method that changes the state (ie GET, HEAD)
  • unsafe otherwise (ie with the method POST, PATCH, PUT)

When the type of request has been determined, it will have consequences on the security protocol of the Web. For instance, if cookies are sent or not with the samesite property.

Unsafe Request Protection

Unsafe requests are generally protected with a CSRF token.

Discover More

PATCH is an HTTP method that: update a resource provide only the data to be changed can't be cached is unsafe
Web HTTP - SameSite Cookie property (First-Party-Only)

samesite is a cookie property that controls if a cookie should be sent along in a cross-site HTTP request ie: when the origin of the code (HTML, Javascript, ..) that created the request (generally the...
What are the HTTP Request Methods (Get, Post, Put, )?

The http method is a mandatory header of http request that defines the type of operation. A minimal get request from this page It's used by the web server router to map a request to a function....

Share this page:
Follow us:
Task Runner