-
Cameron Conn authored
HTTP GET requests are *supposed* to be idempotent, meaning that a single GET request shouldn't change the content of a page. Therefore, that means that the page deletion mechanism (using a GET request) did not fit spec. Moreover, it was not protected by SHIM's anti-CSRF security mechanisms (only POST requests are protected). Basically, this makes SHIM make logically make more sense, and makes it a little safer.