Cherrypy - prevent browser "prefetch"?
Israel Brewster
israel at ravnalaska.net
Tue Dec 2 10:59:58 EST 2014
> On Dec 2, 2014, at 4:33 AM, random832 at fastmail.us wrote:
>
> On Mon, Dec 1, 2014, at 15:28, Israel Brewster wrote:
>> For example, I have a URL on my Cherrypy app that updates some local
>> caches. It is accessed at http://<server>/admin/updatecaches So if I
>> start typing http://<server>/a, for example, safari may auto-fill the
>> "dmin/updatecaches", and trigger a cache refresh on the server - even
>> though I was just trying to get to the main admin page at /admin. Or, it
>> might auto-fill "uth/logout" instead (http://<server>/auth/logout), and
>> log me out of my session. While the former may be acceptable (after all,
>> a cache update, even if not strictly needed, is at least non-harmfull),
>> the latter could cause serious issues with usability. So how can cherrypy
>> tell the difference between the "prefetch" and an actual request, and not
>> respond to the prefetch?
>
> Why is your logout form - or, your update caches form, etc - a GET
> instead of a POST?
Primary because they aren’t forms, they are links. And links are, by definition, GET’s. That said, as I mentioned in earlier replies, if using a form for a simple link is the Right Way to do things like this, then I can change it.
Thanks!
—————
Israel Brewster
> The key problem is that a GET request is assumed by
> browser designers to not have any harmful side effects.
> --
> https://mail.python.org/mailman/listinfo/python-list
More information about the Python-list
mailing list