The server contains a protection mechanism that assumes that
					any URI that is accessed using HTTP GET will not cause a state change to the
					associated resource. This might allow attackers to bypass intended access
					restrictions and conduct resource modification and deletion attacks, since some
					applications allow GET to modify state.An application may disallow the HTTP requests to perform DELETE, PUT and
						POST operations on the resource representation, believing that it will be
						enough to prevent unintended resource alterations. Even though the HTTP GET
						specification requires that GET requests should not have side effects, there
						is nothing in the HTTP protocol itself that prevents the HTTP GET method
						from performing more than just query of the data. For instance, it is a
						common practice with REST based Web Services to have HTTP GET requests
						modifying resources on the server side. Whenever that happens however, the
						access control needs to be properly enforced in the application. No
						assumptions should be made that only HTTP DELETE, PUT, and POST methods have
						the power to alter the representation of the resource being accessed in the
						request.