
AndyArmstrong (7200)

  (email not shown publicly)
Thursday July 02, 2009
05:24 AM

Safari 4 likes clicking

[ #39207 ]

Installing Safari 4 had a pretty strange effect for me: Lights in the house switched on and off at random.

It turns out that Safari likes to visit your favourite pages periodically to update its Top Sites browser. Which is fine unless some of the lights in your house are controlled by a web interface which uses GET for the light switch buttons.

Since it's private to the house network I hadn't bothered to password protect it. I assume Safari would have left it alone if I had. On a hunch I fixed the problem by switching the lighting control page to https - and it seems to have worked.

I can't help wondering 1) how many intranets it's attacked already and 2) does it know to refrain from clicking on sites that use cookie based auth (RT?) and if so, how?

  • The HTTP spec states that GET should be safe and should never assume that the client is asking for any side-effects. Use PUT or POST for those.

    • If I thought Safari was doing anything wrong I'd have been nastier about it. The point was that it's doing something that browsers haven't done in the past and that's going to cause a bit of head scratching until people realise that Safari goes off on little jaunts through your favourites when it feels like it. It's pretty common IME for people to assume that if they're on a private network they don't need to worry about using GET with side effects.

      Years ago I had a client who couldn't understand how pages

      • Look for "web accelerator" rails for the last big brouhaha. I don’t know what to think about this… it’s not uncommon, but that doesn’t make it any less misguided, so I don’t know whether to fault the agents that do this sort of thing. More importantly, short of abstaining from such requests altogether (which means withholding a nice feature), I don’t see what they could do, so I wouldn’t know how to fault them.
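
The GET-versus-POST point raised in the post and the first comment, as an added example that is not code from the original post or its author: a small WSGI light-switch endpoint where GET and HEAD only report state and only POST changes it, so background revisits by a browser have no effect. The `/light/<name>` path, the light names and the `request` helper are assumptions made for illustration.

```python
"""Added example: a light-switch endpoint where only POST changes state."""
from wsgiref.util import setup_testing_defaults

LIGHTS = {"hall": False, "kitchen": False}   # constructed sample state


def app(environ, start_response):
    parts = environ.get("PATH_INFO", "").strip("/").split("/")
    if len(parts) != 2 or parts[0] != "light" or parts[1] not in LIGHTS:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"no such light\n"]
    name = parts[1]
    method = environ["REQUEST_METHOD"]
    if method == "POST":
        # The only state-changing path: an explicit POST from the form button.
        LIGHTS[name] = not LIGHTS[name]
        # Redirect so a reload or revisit of the result page is a plain GET.
        start_response("303 See Other", [("Location", "/light/" + name)])
        return [b""]
    if method in ("GET", "HEAD"):
        # Safe: a prefetcher, crawler or thumbnailer can hit this repeatedly.
        body = ("%s is %s\n" % (name, "on" if LIGHTS[name] else "off")).encode()
        start_response("200 OK", [("Content-Type", "text/plain"),
                                  ("Cache-Control", "no-store")])
        return [b""] if method == "HEAD" else [body]
    start_response("405 Method Not Allowed", [("Allow", "GET, HEAD, POST")])
    return [b"method not allowed\n"]


def request(method, path):
    """Call the app in-process and return (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path)
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


if __name__ == "__main__":
    for _ in range(3):                      # simulated background revisits
        print(request("GET", "/light/hall"))
    print(request("POST", "/light/hall"))   # a person pressing the button
    print(request("GET", "/light/hall"))
```

Moving the switch to POST does not authenticate anyone; it only stops requests that are supposed to be safe from changing state.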