GET v POST and Google Web Accelerator considered harmful

GET v POST and Google Web Accelerator considered harmful

by Martín Langhoff -
Number of replies: 3
See this blog entry on the effect of Google Web Accelerator on web apps that disregard the difference between POST and GET:
http://37signals.com/svn/archives2/google_web_accelerator_hey_not_so_fast_an_alert_for_web_app_designers.php

Moodle is so far mostly safe from this kind of problem... with a few notable exceptions, and I think this is a wakeup call to get those fixed. Soon. I'm thinking of those course reordering links, and a few confirmation screens that use links instead of buttons.

In the meantime, let it be said: friends don't let friends use web accelerators. Really.

(Edit: I think I'll port something like http://david.backpackit.com/pub/37983 to our lib/setup but I'll need help testing it, as I don't have GWA handy.)
Average of ratings: -
In reply to Martín Langhoff

Re: GET v POST and Google Web Accelerator considered harmful

by Martín Langhoff -
There's now a test happening in lib/setup in both HEAD and STABLE, and I'm trying to get the GWA team to clarify whether GWA prefetches GET URLs with parameters (Moz doesn't).

What I need now is someone to test it.

To Martin D: I consider this check safe (safer than not having it, certainly). In any case, I'm happy to leave it out of 1.4.5 release (we can put the 145 tag just before it).
Average of ratings: -
In reply to Martín Langhoff

Re: GET v POST and Google Web Accelerator considered harmful

by Martin Dougiamas -
Picture of Core developers Picture of Documentation writers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Plugin developers Picture of Testers
That's good, thanks, yes, accelerators give me the creeps too.

I liked this comment (think of our logout link):

In addition I have found it impossible to use my web mail with thisrunning because as soon as I sign in Google Web Accelerator isclicking on the sign-out link, and killing my session.

Youd have thought Google would think these things through a bitmore, considering all the great minds theyre supposed to have workingfor them


We will have to be really really sure it's safe before thinking about removing that blocking.
Average of ratings: -
In reply to Martin Dougiamas

Re: GET v POST and Google Web Accelerator considered harmful

by John Papaioannou -
Yikes...

Friends don't let friends use web accelerators. big grin
Average of ratings: -