We can use Tamper Data for tampering the POST requests, but I want to know if there is any tool to tamper the requests which are mix of GET and POST
like : http://example.com/?time=123456&date=22-12-2012
and also have associated POST data.
With Tamper Data I can only change the POST parameters and not GET, and if I use another way to change GET parameters, I loses the POST data.
Try fiddler. That gives you control over GET and POST data (the entire request in general) and should be able to do what you desire.
It even has its own associated FiddlerScript which helps automate handling (redirection, editing, etc) of web requests.
Related
I was reading up on how to create a telegram bot and I see that to set a web hook you use the GET http method. I assume that your link will be stored somewhere on telegram servers.
So now my question is:
Why not use the POST http method? What is the advantage of this design of using GET http method in this case rather than POST http method for something that pushes data?
Bot API supports GET and POST HTTP methods both. It's up to you what to use. (See this or this). I think it makes the API easy and fast to get started with.
For the sake of simplicity one might choose a simple GET request to set a webhook - Put together a Url with some parameters and call it in a web browser, done! Webhook is now set.
Still it is possible to do the same with a POST request (and you can argue it is the preferred way to do so). But it would need tools like Postman, CURL or some browser extensions.
I am new to ASP.NET MVC. I am using http POST for custom validation. Recently I learned that both http POST and http GET are used to send data to the server. HTTP POST is more secure while http GET is less secure as it sends the data in the query string.
I want to know then, is it possible to get completely rid of HTTP GET in my project as its function is similar to http POST? I tried that but it immediately gave error as soon as I started debugging the project. It said "The resource cannot be found.". I am confused. Please help.
I would recommend to review Http Methods - MDN
Since you just started the right course of action would be to use GET to obtain the data (e.g. load the form) and POST to update the data (submit the form to the server).
If the application you are working on is written in plain ASP.NET MVC it will be impossible to completely avoid GET (as it is used by the browser to load application pages/views).
Once you are ready to move to REST APIs you might want to deeper explore PUT, DELETE and other methods
Is it possible to send content body with get request in c# using HTTP 1.1(RFC 2616). I also Need How to implement this in c#. I am getting protocol violation exception:can't send content body with this verb type.
Not really, and it has nothing to do with C# or ASP.NET specifically.
Technically you may be able to include a request body in a GET request. If certain objects in .NET don't allow you, you can always craft such a request manually and work around those objects. However, that effort isn't going to get you very far, because GET requests aren't supposed to have request body content. So the server is most likely going to ignore it anyway, if it's not dropped by something in between.
The bottom line is, GET requests don't have a request body. Whatever you're trying to accomplish should be accomplished by some other means.
I use always HttpGet or HttpPost even when my action is executing a delete method on the database.
For what should I use then HttpDelete/HttpPut ?
Web browsers only support GET and POST, so if you are building a web site, there is no need for PUT or DELETE. If you are building a RESTful api, though, PUT and DELETE are the way to go if you want your users to be able to put and/or delete stuff.
EDIT: It seems browsers do support DELETE and PUT in their implementations of XMLHttpRequest. Hence you can use them in ajax requests. Html forms, though, do not support them.
If you build an OData service.
HTTP DELETE - Deletes the entity data that the specified resource represents. A payload is not present in the request or response messages.
HTTP PUT - Replaces existing entity data at the requested resource with new data that is supplied in the payload of the request message. (msdn)
There's a presentation with Scott Hanselman that might be interesting. (I haven't seen it yet.)
There's also a couple of lectures on pluralsight on OData if you have a subscription there.
I guess you have understood about the use of DELETE request but PUT is a little different thing.
If I'm creating a new resource in the server and if the URI through which it can be accessed is decided by me then I'll go for PUT. In most of the cases the URI is decided by the server and hence POST go for creation and PUT usually for update.
Final thing is, like GET both DELETE and PUT are idempotent, means how many times the client send the requests serially the state of the server should be changed to same as in the first request.
I have been told that a POST in some way does a double send to the server but GET does not. It sounds a bit crazy to me though.
Basically I'm working on a web project where each client calls a web service every 2 seconds from many countries and possible bad internet connections. So we want to make the calls and responses as tiny as possible between JavaScript and ASP.Net.
Security is not a problem and basically the poll is just returning data. Login is required to use it anyway.
I have been told that a POST in some way does a double send to the server but GET dose not. It sounds a bit crazy to me though.
You have been told wrong. The only difference is that POST allows for sending larger amount of data to the server and of course the more data you send the slower it will be. But if you send the same amount of data there won't be any difference in terms of performance between a GET and POST request.
One important thing to note as well is that if you are calling this service from javascript GET requests might be cached by the client browser. So for example if you are calling the same url over and over again using an AJAX GET request you might get cached values and the server never hit. To workaround this issue you could append a random number in the query string which has no meaning for the server but which changes the url and avoids it being cached.
When sending thru ajax post, some developers may have inited post on form submit and a submit button click. Later when they press the send button, both actions get fired. This might be the experience that people who have told you double sending thing experienced.
Note: This double sending of POST is totally a developer's fault. HTTP POST method has nothing to do with it.