i lolve you
New Member
After reading the famous (and only) article about trying to explain why \[code\]asmxs\[/code\] should NOTallow Get requestsso we shouldn't use : \[code\][ScriptMethod(UseHttpGet = true)]\[/code\] , I still I have a question :Why ?Web service , as its name is a service , he doesn't suppose to care if it's GET or POST : Even if a person do a CSRF : like embedding in his malicious site : \[code\]<script type="text/javascript" src="http://contoso.com/StockService/Stock.asmx/GetQuotes?symbol=msft" /> \[/code\]so what ?Via asmx POV - it is just a normal request.Can someone please spot for me the problem with example ?