Cherrypy - prevent browser "prefetch"?

random832 at fastmail.us
Tue Dec 2 08:33:01 EST 2014


On Mon, Dec 1, 2014, at 15:28, Israel Brewster wrote:
> For example, I have a URL on my Cherrypy app that updates some local
> caches. It is accessed at http://<server>/admin/updatecaches So if I
> start typing http://<server>/a, for example, Safari may auto-fill the
> "dmin/updatecaches", and trigger a cache refresh on the server - even
> though I was just trying to get to the main admin page at /admin. Or, it
> might auto-fill "uth/logout" instead (http://<server>/auth/logout), and
> log me out of my session. While the former may be acceptable (after all,
> a cache update, even if not strictly needed, is at least non-harmful),
> the latter could cause serious issues with usability. So how can cherrypy
> tell the difference between the "prefetch" and an actual request, and not
> respond to the prefetch?

Why is your logout form - or, your update caches form, etc - a GET
instead of a POST? The key problem is that a GET request is assumed by
browser designers to not have any harmful side effects.
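
The point of the reply above, as an added example that is not part of the original post: a standard-library WSGI middleware that answers anything other than POST on the two state-changing URLs from the question with 405, so a prefetching GET never reaches the handler. `RequirePost`, `demo_app` and `request` are hypothetical names for this example, and `demo_app` is a constructed stand-in for the real application.

```python
from wsgiref.util import setup_testing_defaults

# Paths from the question; both change server state, so GET must not trigger them.
STATE_CHANGING = {"/admin/updatecaches", "/auth/logout"}


class RequirePost:
    """WSGI middleware (hypothetical name): listed paths answer only to POST."""

    def __init__(self, app, paths=STATE_CHANGING):
        self.app = app
        self.paths = frozenset(p.rstrip("/") for p in paths)

    def __call__(self, environ, start_response):
        # Full URL path, with a trailing slash treated as the same resource.
        path = (environ.get("SCRIPT_NAME", "") + environ.get("PATH_INFO", "")).rstrip("/")
        method = environ.get("REQUEST_METHOD", "GET").upper()
        if path in self.paths and method != "POST":
            body = b"Use POST for this action.\n"
            start_response("405 Method Not Allowed", [
                ("Allow", "POST"),
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]  # the wrapped application is never called
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the real application; records what reaches it."""
    demo_app.calls.append((environ["REQUEST_METHOD"], environ["PATH_INFO"]))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]

demo_app.calls = []


def request(app, method, path):
    """Drive a WSGI app in-process and return (status line, headers dict)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REQUEST_METHOD"] = method
    environ["PATH_INFO"] = path
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured.update(status=status, headers=dict(headers))
    b"".join(app(environ, start_response))
    return captured["status"], captured["headers"]
```

With this in place the logout and cache-update links in the pages have to become forms that submit with POST; an address-bar prefetch of either URL gets a 405 and leaves the session and caches untouched.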


