0

I want to build up a list of ways to cause HTTP submissions in a web document (HTML, Javascript, etc.) Here's what I have so far, with the HTTP verb(s) that can be used:

  • A links (GET)
  • FORMs (GET, POST)
  • AJAX requests (All HTTP verbs)

Are there any other ways to submit things via HTTP in a web document? And are there any other verb(s) that can be used with the above methods that I haven't listed? In particular it would be cool if you could specify a method for A links - I'd like to have the browser submit a DELETE request for some of my A links which delete things.

Jez
  • 27,951
  • 32
  • 136
  • 233
  • 1
    "Are there any other ways to submit things via HTTP in a web document?" — Lots. This isn't really a suitable question for Stackoverflow. It's too open ended and doesn't address any problem. – Quentin May 16 '13 at 13:01
  • Please, don't let any link directly change or delete data unless you are really sure that no index script (e.g. search engines) will inspect your site! However, it's still dangerous if someone shares a link which deletes data for the logged-in user. – ComFreek May 16 '13 at 13:11
  • @ComFreek How would you suggest it be done then? Via JavaScript? – Jez May 16 '13 at 13:31
  • @Quentin I disagree. You say "lots" but give no examples. I think there are a finite, relatively small, number of ways to do it. Therefore, a definitive, objective answer can be given to the question. And it addresses the problem I have of how best to get a "delete" button on my page. I can think of a couple of hacky ways to do it, but for all I know there is a better way to submit the DELETE request to the server that I'm unaware of. – Jez May 16 '13 at 13:35
  • @Jez This kind of security holes are called 'Cross-site request forgery' (or short: 'CSRF'). Here is a good starting point: https://owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet – ComFreek May 16 '13 at 15:19

1 Answers1

1

I'll add

  • JSONP
  • Post/Get using browser plugins (Flash, Java, etc...)
Community
  • 1
  • 1
Stasel
  • 1,298
  • 1
  • 13
  • 26