What are safe and unsafe requests?

What are safe and unsafe requests?

About

In a HTTP security context, requests are:

  • safe if they don't have a method that changes the state (ie GET, HEAD)
  • unsafe otherwise (ie with the method POST, PATCH, PUT)

When the type of request has been determined, it will have consequences on the security protocol of the Web. For instance, if cookies are sent or not with the samesite property.

Unsafe Request Protection

Unsafe requests are generally protected with a CSRF token.




Discover More
What is the PATCH HTTP method?

What is the PATCH HTTP method? PATCH is an HTTP method that: update a resource provide only the data to be changed can't be cached is unsafe
What are the HTTP Request Methods (Get, Post, Put, )?

... The http method is a mandatory header of http request that defines the type of operation. A minimal get request from this page It's used by the web server router to map a request to a function....
What is the SameSite Cookie property? First-Party and third-party cookie control

samesite is a cookie property that controls if a cookie should be sent along in a cross-site HTTP request ie: when the origin of the code (HTML, Javascript, ..) that created the request (generally the...



Share this page:
Follow us:
Task Runner