
HTTP Safety Doesn't Happen by Accident - dpmehta02
https://robots.thoughtbot.com/http-safety-doesnt-happen-by-accident
======
amenghra
It's too bad we don't have <a href=... method="post">.

The distinction between safe and unsafe is not only useful for things like
prefetching or caching but also for csrf. State mutation (whether intentional
or accidental) on get requests can totally undermine your site's web security.

