AllowUnsafeUpdates and ValidateFormDigest

Add this to the list of things every SharePoint developer should know (up there with disposing SPWebs and SPSites).

In general…

  1. Don’t update SharePoint objects on a GET request
  2. Call SPUtility.ValidateFormDigest() before anything on a POST request

Here are the two links to read: