On 2014-12-01 11:28, Israel Brewster wrote: > I don't know if this is a cherrypy specific question (although it > will be implemented in cherrypy for sure), or more of a general > http protocol question, but when using cherrypy to serve a web app, > is there anyway to prevent browser prefetch? I'm running to a > problem, specifically from Safari on the Mac, where I start to type > a URL, and Safari auto-fills the rest of a random URL matching what > I started to type, and simultaneously sends a request for that URL > to my server, occasionally causing unwanted effects.
This SO post[1] suggests that Firefox sets/sends a X-moz: prefetch header, while Safari and Chrome use the X-Purpose: preview header. You could create a decorator that sniffs those headers and reacts accordingly. Though be aware that, based on my reading, Safari only sends that X-Purpose header for the base page, not any referenced assets (JS, CSS, images, etc). Also, while I can't find any documentation on how Safari/Chrome(ium) handle it, if your logout/ page sends an HTTP/302 redirect to a final landing page, Safari/Chrome(ium) may be smart enough to not suggest (and thus not prefetch) the bounce page, only the landing page. I haven't investigated recently, but I remember Django's ability to trigger a log-out merely via a GET was something that irked me. I don't have a recent version of Safari (my only Apple machine is a PPC iBook laptop running 10.4 which no longer receives any updates) so I can't verify that this header is actually being sent in the case you describe, but it would be where I'd start hunting. All this to also say that performing non-idempotent actions on a GET request is just begging for trouble. ;-) -tkc [1] http://stackoverflow.com/questions/9852257/http-header-to-detect-a-preload-request-by-google-chrome -- https://mail.python.org/mailman/listinfo/python-list