Cherrypy - prevent browser "prefetch"?

[Tim Chase]

On 2014-12-01 11:28, Israel Brewster wrote:
> I don't know if this is a cherrypy specific question (although it
> will be implemented in cherrypy for sure), or more of a general
> http protocol question, but when using cherrypy to serve a web app,
> is there anyway to prevent browser prefetch? I'm running to a
> problem, specifically from Safari on the Mac, where I start to type
> a URL, and Safari auto-fills the rest of a random URL matching what
> I started to type, and simultaneously sends a request for that URL
> to my server, occasionally causing unwanted effects.

This SO post[1] suggests that Firefox sets/sends a

  X-moz: prefetch

header, while Safari and Chrome use the

  X-Purpose: preview

header.  You could create a decorator that sniffs those headers and
reacts accordingly.  Though be aware that, based on my reading,
Safari only sends that X-Purpose header for the base page, not any
referenced assets (JS, CSS, images, etc).

Also, while I can't find any documentation on how Safari/Chrome(ium)
handle it, if your logout/ page sends an HTTP/302 redirect to a final
landing page, Safari/Chrome(ium) may be smart enough to not suggest
(and thus not prefetch) the bounce page, only the landing page.  I
haven't investigated recently, but I remember Django's ability to
trigger a log-out merely via a GET was something that irked me.

I don't have a recent version of Safari (my only Apple machine is a
PPC iBook laptop running 10.4 which no longer receives any updates)
so I can't verify that this header is actually being sent in the case
you describe, but it would be where I'd start hunting.

All this to also say that performing non-idempotent actions on a GET
request is just begging for trouble. ;-)

-tkc

[1]
http://stackoverflow.com/questions/9852257/http-header-to-detect-a-preload-request-by-google-chrome