0

I have a simple static html site which uses jquery's POST-methods and some forms which also uses form method="post"...

i now get the following error: NetworkError: 405 Method Not Allowed

when i view the response header with firebug i see that the server (IIS btw.) does allow the following: GET, HEAD, OPTIONS, TRACE

My hoster says that he can't allow POST methods on static html files because of security reasons...

Can anyone tell me the security differences between POST and GET? I don't understand why GET is allowed and POST not. any help to argue that he can allow it would be very appreciated :-)

Thanks in advance Thomas

Thomas Veit
  • 47
  • 3

1 Answers1

0

The only thing that comes to my mind is spam-bots automatically post to every form on web page. Maybe provider assumed that if it is a static page it certainly has no captcha and would be prone to spamming. It's just a guess, and i've never seen such a weird policy. Maybe point him out some big hosting companies and say that it certainly doesn't look like security issue for them.

yakxxx
  • 2,841
  • 2
  • 21
  • 22
  • thank you! i'm just still confused about the fact that GET is allowed and POST not. even more after reading this: http://stackoverflow.com/questions/46585/when-do-you-use-post-and-when-do-you-use-get "POST is also more secure than GET, because you aren't sticking information into a URL. And so using GET as the method for an HTML form that collects a password or other sensitive information is not the best idea." – Thomas Veit Nov 02 '12 at 12:14
  • @ThomasVeit - Why are you trying to post to a static HTML file? You would usually post to something handled by a server side script so you can process what was posted. I don't see any point of doing this and of the hoster enabling it. – Martin Smith Nov 02 '12 at 12:28
  • @MartinSmith - i also don't see the reason ;) my company gave the job to an agency to reconstruct our software to show to our visitors as a demo-version. it seems like they copied everything just from the source including the post methods etc... – Thomas Veit Nov 02 '12 at 12:58