Cherrypy - prevent browser "prefetch"?
sohcahtoa82 at gmail.com
sohcahtoa82 at gmail.com
Mon Dec 1 15:41:08 EST 2014
On Monday, December 1, 2014 12:29:04 PM UTC-8, Israel Brewster wrote:
> I don't know if this is a cherrypy specific question (although it will be implemented in cherrypy for sure), or more of a general http protocol question, but when using cherrypy to serve a web app, is there anyway to prevent browser prefetch? I'm running to a problem, specifically from Safari on the Mac, where I start to type a URL, and Safari auto-fills the rest of a random URL matching what I started to type, and simultaneously sends a request for that URL to my server, occasionally causing unwanted effects.
>
>
> For example, I have a URL on my Cherrypy app that updates some local caches. It is accessed at http://<server>/admin/updatecaches So if I start typing http://<server>/a, for example, safari may auto-fill the "dmin/updatecaches", and trigger a cache refresh on the server - even though I was just trying to get to the main admin page at /admin. Or, it might auto-fill "uth/logout" instead (http://<server>/auth/logout), and log me out of my session. While the former may be acceptable (after all, a cache update, even if not strictly needed, is at least non-harmfull), the latter could cause serious issues with usability. So how can cherrypy tell the difference between the "prefetch" and an actual request, and not respond to the prefetch?
>
>
>
>
>
> -----------------------------------------------
>
> Israel Brewster
>
> Systems Analyst II
>
> Ravn Alaska
>
> 5245 Airport Industrial Rd
>
> Fairbanks, AK 99709
>
> (907) 450-7293
>
> -----------------------------------------------
That sounds like a seriously misbehaving client to me. Your browser should not be sending requests until the user actually chooses a URL to open.
The only thing I would suggest is to check the HTTP request headers (cherrypy.request.headers) of a genuine request versus one made by the automatic URL completion. If there are different headers, such as maybe an "X-Prefetch: True" or something, you could check for that.
More information about the Python-list
mailing list