By electing to actionably mutate state on GET, one subscribes themselves to a world of hurt.
It is totally how the web works, both as defined by HTTP and in practice. Surely one can pile a dozen workarounds to circumvent the GET safety definition, but then it's just flat out simpler to have it be a POST or DELETE and work as intended.
That a lot of people are doing it a certain - broken - way certainly does not mean they are right.
https://www.rfc-editor.org/rfc/rfc7231#section-4.2.1
https://www.rfc-editor.org/rfc/rfc9110#name-safe-methods
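The safety point argued above, as an added example that is not part of the original comment: a client that only issues GET (a crawler, link prefetcher or mail scanner) walks an app whose delete route answers GET, then the same app with the route restricted to POST. The `App` class, the `/items/<id>/delete` route and the sample items are hypothetical and constructed for illustration.

```python
# Added illustration; App, the routes and the sample data are hypothetical.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}  # safe methods per RFC 9110

class App:
    def __init__(self, delete_method):
        self.items = {1: "draft", 2: "invoice", 3: "report"}  # constructed data
        self.delete_method = delete_method  # method the delete route accepts

    def handle(self, method, path):
        """Return (status, links found in the response body)."""
        if path == "/items" and method == "GET":
            return 200, [f"/items/{i}/delete" for i in self.items]
        if path.startswith("/items/") and path.endswith("/delete"):
            if method != self.delete_method:
                return 405, []  # Method Not Allowed
            self.items.pop(int(path.split("/")[2]), None)
            return 200, []
        return 404, []

def prefetch(app, start="/items"):
    """Stand-in for any automated client that follows links with GET only,
    which it is entitled to treat as free of side effects."""
    assert "GET" in SAFE_METHODS
    seen, queue = set(), [start]
    while queue:
        path = queue.pop()
        if path in seen:
            continue
        seen.add(path)
        _, links = app.handle("GET", path)
        queue.extend(links)
    return seen

def surviving_items(delete_method):
    """Items left after one prefetch pass over the app."""
    app = App(delete_method)
    prefetch(app)
    return sorted(app.items)

if __name__ == "__main__":
    print("delete on GET :", surviving_items("GET"))
    print("delete on POST:", surviving_items("POST"))
```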