On Mon, Dec 1, 2014, at 15:28, Israel Brewster wrote:
> For example, I have a URL on my Cherrypy app that updates some local
> caches. It is accessed at http://<server>/admin/updatecaches So if I
> start typing http://<server>/a, for example, Safari may auto-fill the
> "dmin/updatecaches", and trigger a cache refresh on the server - even
> though I was just trying to get to the main admin page at /admin. Or, it
> might auto-fill "uth/logout" instead (http://<server>/auth/logout), and
> log me out of my session. While the former may be acceptable (after all,
> a cache update, even if not strictly needed, is at least non-harmful),
> the latter could cause serious issues with usability. So how can cherrypy
> tell the difference between the "prefetch" and an actual request, and not
> respond to the prefetch?

Why is your logout form - or, your update caches form, etc - a GET instead of a POST? The key problem is that a GET request is assumed by browser designers to not have any harmful side effects.
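
The reply's point, as an added example that is not part of the original thread: a standard-library WSGI app (not CherryPy code; the route table, `STATE` and the helper names are assumptions) in which the two side-effecting URLs from the question accept only POST, so a browser prefetch, which arrives as a GET, receives a 405 and changes nothing.

```python
from wsgiref.util import setup_testing_defaults

# Constructed state standing in for the server-side session and local caches.
STATE = {"logged_in": True, "cache_refreshes": 0}

def do_logout():
    STATE["logged_in"] = False
    return b"logged out\n"

def do_update_caches():
    STATE["cache_refreshes"] += 1
    return b"caches updated\n"

def admin_page():
    return b"admin home\n"

# path -> (allowed methods, handler). Only the side-effect-free page accepts GET.
ROUTES = {
    "/admin": ({"GET"}, admin_page),
    "/admin/updatecaches": ({"POST"}, do_update_caches),
    "/auth/logout": ({"POST"}, do_logout),
}

def app(environ, start_response):
    route = ROUTES.get(environ.get("PATH_INFO", ""))
    if route is None:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    allowed, handler = route
    if environ["REQUEST_METHOD"] not in allowed:
        # The method check runs before the handler, so a GET never reaches it.
        start_response("405 Method Not Allowed",
                       [("Allow", ", ".join(sorted(allowed))),
                        ("Content-Type", "text/plain")])
        return [b"method not allowed\n"]
    body = handler()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]

def request(method, path):
    """Drive the app in-process; returns (status line, headers dict, body)."""
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

In CherryPy itself the same gate is available as the built-in `cherrypy.tools.allow` tool, configured with `methods=['POST']` on the handler.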