New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make releases dropdown form method GET instead of POST #1419

Open

GregKaleka opened this issue Nov 6, 2024 · 1 comment

Assignees

Labels

Collaborator

GregKaleka commented Nov 6, 2024 •

edited

Loading

On the /releases/ page, the version dropdown form performs a POST request, which is a bit silly. We should change this form to perform a GET request.

GregKaleka assigned rbbeeston

GregKaleka added this to website-v2

Collaborator

sdarwin commented Nov 6, 2024

On this point, just to clarify, Django automatically adds a csrf_token to forms with method="POST". If we change it to GET, then new users will not see the csrf token in the first place. That obviously won't remove cookies for users who visited the site before such a change.

That is probably often the case. And it's a very good point!

At the same time... I was able to remove the csrf_token from a few pages (including the one under discussion, I believe.) See https://github.com/boostorg/website-v2/pull/1073/files . So that issue should be solved.

if switching from POST to GET doesn't cause the URL in the browser bar to add many extra variables.... then this update could still be done

rbbeeston added the Maintenance label

rbbeeston moved this to Accepted in website-v2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment