From 7ecf57646051eebc07bf20d68d8fbf0184bb66bd Mon Sep 17 00:00:00 2001 From: Willem Van Onsem Date: Sat, 17 May 2025 15:18:36 +0200 Subject: [PATCH] check --- .gitignore | 3 +++ antipattern/a-get-request-with-side-effects.md | 9 ++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index fe18114..f204a31 100644 --- a/.gitignore +++ b/.gitignore @@ -4,6 +4,9 @@ out_/ out_/* out_/** +# proofreads +*.proofread + # note file *.note diff --git a/antipattern/a-get-request-with-side-effects.md b/antipattern/a-get-request-with-side-effects.md index 0954df1..d880254 100644 --- a/antipattern/a-get-request-with-side-effects.md +++ b/antipattern/a-get-request-with-side-effects.md @@ -7,7 +7,7 @@ tags: [http, get-request, side-effects, query-string] layers: [views] solinks: [] --- -Often people construct views that have side, effects, for example: +Often people construct views that have side effects, for example:
def remove_comment(request, comment_pk):
     Comment.objects.filter(
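Review bot: the `*.proofread` ignore pattern added to `.gitignore` is unrelated to the wording fixes in `antipattern/a-get-request-with-side-effects.md`, and the subject line "check" describes neither change. Consider splitting the ignore rule into its own commit and giving this one a subject that names the proofread file, so the history shows which antipattern page was edited.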
@@ -17,8 +17,7 @@ Often people construct views that have side, effects, for example:
 
 # Why is it a problem?
 
-Because this violates the HTTP standard. In the section [*safe methods* of the HTTP specifications [w3.org]](https://www.rfc-editor.org/rfc/rfc9110.html#name-safe-methods)
-it specifies that:
+This is a problem, because this violates the HTTP standard, specifically the section on [*safe methods* of the HTTP specifications [w3.org]](https://www.rfc-editor.org/rfc/rfc9110.html#name-safe-methods), which states that:
 
 > In particular, the convention has been established **that the GET** and HEAD methods **SHOULD NOT have the significance** of taking an action **other than retrieval**. These methods **ought to be considered "safe"**.
 
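Review bot: in the rewritten sentence the link label still reads `[w3.org]` while the URL points to rfc-editor.org (RFC 9110), so the source named to the reader does not match the link target; change the label to `[rfc-editor.org]`. While touching this line, also check that the quoted paragraph below it matches the wording of the linked section. The new opening "This is a problem, because this violates" repeats the heading "Why is it a problem?" directly above it; "This violates the HTTP standard, specifically ..." reads more cleanly.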
@@ -30,11 +29,11 @@ browser with an additional GET request, whereas most browsers will do that for
 a POST request.
 
 Search engines have web crawlers that look for URLs on pages, and will make GET
-requests to these pages to analyze the page that is returned and look for more
+requests to these pages to analyze the response and look for more
 URLs. This thus means that a GET request of such crawler might accidentally
 create, remove and update entities.
 
-Django also does not offer security mechanisms like a CSRF-token for GET
+Django also does not provide security mechanisms like a CSRF-token for GET
 requests. This thus makes [cross-site request forgery (CSRF) [wiki]](https://en.wikipedia.org/wiki/Cross-site_request_forgery)
 easier.
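Review bot: the follow-on sentences next to both edits are left untouched and still read awkwardly: "This thus means that a GET request of such crawler" is missing an article, and it and "This thus makes ... easier" both stack "This thus". Suggest "so a crawler's GET request might accidentally create, remove and update entities". In the CSRF paragraph, swapping "offer" for "provide" does not make the risk any clearer; it would help to say directly that the CSRF check is not applied to GET requests, so a state-changing view reached by GET runs without it.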