GETable resources, that should be POSTable resources
TODO: These OpenACS-URLs are available via GET requests, but as the associated actions are either not safe or not idempotent (or both), they should be made available only via POST instead...
This is more of a problem nowadays as it was earlier, as current browsers (like Chrome or Safari) tend to fetch resources even before the user hits enter in the address bar (i.e. one cannot easily prevent that an unwanted action is taken while entering a similar URL).
In particular the actual (Jan 2014) versions of Safari on Mac OS X 10.9.1 automatically pre-fetches URLs for an url path, when sub-pages were visited in the past, and a user clicks in the url bar (as soon as it shows possible completions). One can e.g. shut down "automatically" the OpenACS server by on /acs-admin/, since Safari might "prefetch" /acs-admin/server-restart.
This page is only a TODO list, that should become a bug report later...