In message <[EMAIL PROTECTED]> Johannes Erdfelt <[EMAIL PROTECTED]> wrote:
>Pre-filling the confirmation code is fine too (or hiding the >confirmation code as well since it means nothing to the user). > >If anything automatically submits a POST request, it is by definition >broken and nothing on the Internet will work for them. > >The point of a POST request is that is non-idempotent. Agreed. And yet, a number of prefetchers have done the trick in the past, so it's still not something I'd consider safe. Yes, this has a habit of wiping out all mail in webmail, moderating on forums, and other crap like that. A more user-friendly version is to pre-fill the domain and confirmation code from the URL, then use a "sign this agreement by entering your name" or relying on the phone number field to tell whether the submission was user driven or script driven. -- Dave Warren, [EMAIL PROTECTED] Office: (403) 775-1700 / (888) 300-3480 _______________________________________________ domains-gen mailing list [email protected] http://discuss.tucows.com/mailman/listinfo/domains-gen
