Welcome to the Treehouse Community
Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.
Looking to learn something new?
Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.
Start your free trialMaria Caruso
2,858 PointsPost vs Get
In this video the teacher explains that GET requests are used to get records, while POST requests add new records. At my job our development team often talks about POST requests as being a secure version of a GET request. Is this true? Are POST requests used elsewhere outside of APIs, or for sending secure data (not just creating data)...Or am I understanding this incorrectly?
3 Answers
Steven Parker
231,269 PointsHi, Maria, I also got your request for an answer.
I agree with most of the information Jennifer has already given you regarding the most common uses for GET
and POST
. But if we disregard conventions, the purpose that the data is used for is not important to the delivery mechanism, so either could be used as a request or to add information.
So the main differences are:
- Security —
POST
data is not contained in the transport headers or displayed by the browser. And it it encrypted when the HTTPS protocol is being used. Furthermore:-
GET
requests can be cached -
GET
requests remain in the browser history -
GET
requests can be bookmarked
-
- Data Volume —
GET
data could have a size limit imposed by servers or proxies. - Tamper Reduction — URI's (
GET
requests) area easily entered into the browser address bar, butPOST
data requires additional steps or tools. - Content Restrictions — URI's are intended to be readable, so
GET
requests would not be a good choice for carrying binary data as it must be encoded.
Jennifer Nordell
Treehouse TeacherHi there! I received your request for assistance. And let's hope I've got this right. To be clear, I'm not an InfoSec expert.
A GET request is sent via URL. This means that the parameters provided in the request are plainly visible right in your browser bar. A POST request, by contrast, sends its information in the body of the request. This can be encrypted over HTTPS and is not immediately visible.
A GET request can be seen by anyone currently watching your screen
As I understand it, any and all sensitive information should be sent via POST, if possible.
Hope this helps! (and someone let me know if I've gotten this all wrong)
Maria Caruso
2,858 PointsHi, yes! This is what I've heard, but the video seems to draw a distinction between GET and POST: where GET is only used to request information, and post is only used to add information. Based on what you've said, this isn't totally correct since you can use POST to securely request information...right?
Jennifer Nordell
Treehouse TeacherMaria Caruso I believe that to be correct. That being said, this particular course is marked as "Beginner" level and that topic would be way beyond the scope of this course. Also, while you may use POST to request information, I feel fairly certain that you may not use GET to add information.
But there are places where GET does make sense. For example when I submit to the TTH server a request to pull up a video on JavaScript, there's nothing sensitive about that request. And I don't recall anything in this particular course where we're handling sensitive data.
But likely as not, what we want here is the real answer from the guru. So I'm going to tag Andrew Chalkley
Andrew Chalkley
Treehouse Guest TeacherPOST is only secure if it's over HTTPS :) GET is also secure over HTTPS too.
The only "security" issue POST has over GET is that the browser history doesn't have a query string with POST requests. If someone has your browser history, I think you have bigger security issues!
Maria Caruso
2,858 PointsJennifer Nordell Steven Parker Andrew Chalkley Thank you all so much for these responses! They were all very helpful.
Maria Caruso
2,858 PointsMaria Caruso
2,858 PointsThanks! And as a general comment, you're answer is the kind of thing I wish I could "pocket": save for review later in Treehouse. That would be a really nice option to add to the communities, especially since since community is used by many of us as reference material :)
Steven Parker
231,269 PointsSteven Parker
231,269 PointsI often bookmark forum pages in my browser. Would that be similar to what you are suggesting?
Maria Caruso
2,858 PointsMaria Caruso
2,858 PointsSomewhat. I just think it would be nice to have the feature be internal to treehouse. Some place where students could take notes within treehouse, link to forum answers, tag content, etc. But yes, I'm definitely bookmarking your answer for now!
Steven Parker
231,269 PointsSteven Parker
231,269 PointsAnd you can submit suggestions to Support.