View · Index

GETable resources, that should be POSTable resources

TODO: These OpenACS-URLs are available via GET requests, but as the associated actions are either not safe or not idempotent (or both), they should be made available only via POST instead...

This is more of a problem nowadays as it was earlier, as current browsers (like Chrome or Safari) tend to fetch resources even before the user hits enter in the address bar (i.e. one cannot easily prevent that an unwanted action is taken while entering a similar URL).

In particular the actual (Jan 2014) versions of Safari on Mac OS X 10.9.1 automatically pre-fetches URLs for an url path, when sub-pages were visited in the past, and a user clicks in the url bar (as soon as it shows possible completions). One can e.g. shut down "automatically" the OpenACS server by on /acs-admin/, since Safari might "prefetch" /acs-admin/server-restart.

This page is only a TODO list, that should become a bug report later...

 

  • /acs-admin/users/become
  • /acs-admin/server-restart

 

previous March 2024
Sun Mon Tue Wed Thu Fri Sat
25 26 27 28 29 1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31 1 2 3 4 5 6

Popular tags

17 , 5.10 , 5.10.0 , 5.9.0 , 5.9.1 , ad_form , ADP , ajax , aolserver , asynchronous , bgdelivery , bootstrap , bugtracker , CentOS , COMET , compatibility , CSP , CSRF , cvs , debian , docker , docker-compose , emacs , engineering-standards , exec , fedora , FreeBSD , guidelines , host-node-map , hstore
No registered users in community xowiki
in last 30 minutes
Contributors

OpenACS.org