What are safe and unsafe requests?

About

In an HTTP security context, requests are:

  • safe if their method does not change state (such as GET, HEAD)
  • unsafe otherwise (such as POST, PATCH, PUT)

Once the type of request has been determined, it has consequences for the security mechanisms of the Web, for instance whether or not cookies with the samesite property are sent.

Unsafe Request Protection

Unsafe requests are generally protected with a CSRF token.
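
The following is an added example, not code from the original page: it classifies a request by method and requires a CSRF token only on unsafe requests. The HMAC-based, session-bound token format and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# The page names GET and HEAD as safe; RFC 9110 also defines OPTIONS and
# TRACE as safe, so they are included here.
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS", "TRACE"})

# Constructed per-process secret for the example (assumption: a real
# deployment loads a stable secret from configuration, not from code).
SERVER_KEY = secrets.token_bytes(32)


def is_safe(method: str) -> bool:
    """Anything that is not a known safe method is treated as unsafe."""
    return method.upper() in SAFE_METHODS


def _mac(session_id: str, nonce: str, key: bytes) -> bytes:
    # Derive a per-session key first so session id and nonce can never be
    # confused with each other inside a single MAC input.
    session_key = hmac.new(key, session_id.encode(), hashlib.sha256).digest()
    return hmac.new(session_key, nonce.encode(), hashlib.sha256).hexdigest().encode()


def issue_csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return 'nonce.mac', a token that is only valid for this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce, key).decode()}"


def csrf_token_valid(session_id: str, token: Optional[str],
                     key: bytes = SERVER_KEY) -> bool:
    """Recompute the MAC and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, _, sent_mac = token.partition(".")
    return hmac.compare_digest(_mac(session_id, nonce, key), sent_mac.encode())


def allow_request(method: str, session_id: str,
                  csrf_token: Optional[str] = None) -> bool:
    """Safe requests pass; unsafe ones need a valid token for the session."""
    if is_safe(method):
        return True
    return csrf_token_valid(session_id, csrf_token)
```

Because unknown methods fall through to the unsafe branch, a method the server did not anticipate is rejected unless it carries a valid token.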




