GETS vs POST
GET and POST requests in HTTP traffic
This web page illustrates the use of GET vs POST in HTTP
requests using a form element and an image element included in a web page.
Using GET vs POST
Some sample form, to generate a GET request:
Please enter your name to register
Now the same with POST instead of GET:
Please enter your name to register
Exercise 1: Try out the buttons above, and look at the generated web
traffic in the OWASP ZAP proxy.
You should see GET and POST requests to www.w3schools.com.
Here you should see that for the GET requests the two parameters, firstname and lastname end up in the URL, whereas with the POST request they do not, but are in the body.
Using GET and POST with a hidden field
Now a GET with a hidden field for the first name. This could for instance be a webpage tailored for user 'John' who already supplied their first name:
Hello John, please also enter your last name to register:
Now the same, but with a POST field:
Hello John, please also enter your last name to register:
Exercise 2: Look at the HTTP trafic to see which value are sent
at the first name, and look at the HTML source of this webpage to see where the
hidden parameters come from.
Including images in a web page
This webpage also includes an imagine, namely the Radboud logo
to the right of this text. The browser takes care of wrapping the text around the
image: if you resize your browser window to make it wider or
narrower you should see the text is wrapped around the image
differently.
Exercise 3
- Look at the HTML source of this webpage to see how this
picture is included in the webpage.
- Is this image loaded with a GET request or a POST request? Look at the HTTP
traffic in ZAP to figure that out. (The image may
be cached in your browser; if that is the case you will not see the image being
retrieved by the browswer if you reload the page and you
may need to clear the image cache or restart the browser.)
- To get an impression of what the HTML spec looks like,
look at the
specification of the <img> element in the HTML spec.
This for instance lists the attributes that this element takes and how browsers are meant to process these.
Some of these attributes, like
width,
are pretty self-explanatory, but others, like the
alt attribute,
are less so and come with lots of guidance on how it should
be use, for instance see the
Requirements for providing text to act as an alternative for images.
- Copy this file to your own computer and edit it to
change it to have the Radboud logo displayed in a different
size or left-adjusted rather than right-adjusted.