So my question is what is the right practise for securing GET HTTP requests. I have a GET endpoint that returns some data.
I have heard many people say GET requests don't need to be protected, Since if the request doesnt return any confidential data. It should be okay.
I wanted to know what the practise was in the industry?
CodePudding user response:
I think the same ... Already the http requests are not encrypted ... and in GET request it wont make a great difference because in this request you ask for something specific .... if you tried to secure it it would be just a headache since the data is not secured from the first place .
Thank you to verify with me if my respond was helpful