Hi, On 2/28/20 5:04 PM, 'Maher, Brian' via Django developers (Contributions to Django itself) wrote: > Are any current browsers dumb enough to prefetch logout links these > days? I would assume that most prefetch algorithms are smart enough to > not pre-fetch these.
We not only have to consider browsers, but also current and future frontend frameworks. I don't know how often people run into this in practice, but yesterday someone mentioned on IRC that they got caught by this while experimenting with some JS preloading. I also vaguely remember having seen reports on similar issues by others over the years (maybe not all of them for Django, though). You can also find tickets like https://bugs.chromium.org/p/chromium/issues/detail?id=86175. To sum up, I don't think this is a purely academical problem. > I just don’t see the benefit, in return for breaking practically every > logout button on every installation of Django around. If I write a logout button myself, I use POST nowadays. The logout view has supported POST for a while now. But I don't know how widespread POST vs GET is for this in user code overall. I don't think this is a particularly painful adjustment to make on a major version upgrade. Maybe we can provide a specific example in the release notes. IMO, in the end it is better to make users go through this at some point in time than to maintain the undesired behavior forever. -- René Fleschenberg -- You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/55c09ec2-8d40-aaf6-a190-a0925b6c7299%40fleschenberg.net.
