Monday, October 24, 2005

Why are there so many POSTs?

I've had a couple of people ask why there are so many POSTs (rather than GETs, i.e. plain links) in the Openomy beta; in other words, why there are so many submit buttons. Here's the answer.


Google has reintroduced their Google Web Accelerator with a vengeance. It was evil enough the first time around, but this time it’s downright scary.

In version 1.0, web masters at least had a fighting chance as the GWA identified its requests with a “X-moz: prefetch” header (as prescribed by Mozilla). Sure, everyone in the world had to change their web applications to fit Google’s vision of a perfect world, but at least they could.

Not so for version 2.0 of this virus. It ships with a brand new mutation: The header is gone! There’s now no way to identify a pre-fetch from a regular request, which means that it’s no longer possible to block the GWA.

If you're going to program AJAXy (even in the slightest), you need to realize at least some of the security implications. I have a feeling we'll be discovering a lot of XmlHttpRequest holes in the next few months and years (sort of like this one), so at least give it a little thought. That starts with realizing there are very poorly written apps out there, and then taking the simple steps to protect yourself.
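To make the POST-versus-GET answer concrete, here is an added example (my own illustration, not Openomy's code): a constructed in-memory "file store" served by a tiny WSGI app, built in two variants. One variant exposes a delete action as a plain link (GET /delete?name=...), the other only as a POST form. A simulated link-prefetching proxy then fetches the index page and follows every href it finds, which is all a prefetcher like the GWA needs to do to wipe the unsafe variant's files. The app also refuses requests that still carry the "X-moz: prefetch" header, purely as defence in depth, since the post above notes that GWA 2.0 no longer sends it. The helper names (make_app, call, simulate_prefetcher) and the sample file names are assumptions for this example.

```python
"""Added example, not Openomy's code: why state-changing actions must not be GETs."""
import io
import re
from urllib.parse import parse_qs, urlsplit


def make_app(delete_via_get):
    """Build a tiny WSGI app holding a constructed per-user file list.

    delete_via_get=True  -> the index links to GET /delete?name=...  (unsafe)
    delete_via_get=False -> the index uses a POST form instead       (safe)
    """
    files = {"notes.txt", "photo.jpg"}  # constructed sample data

    def app(environ, start_response):
        method = environ["REQUEST_METHOD"]
        path = environ.get("PATH_INFO", "/")

        # Defence in depth: honour the prefetch header when a client still sends it.
        # GWA 1.0 sent it; GWA 2.0 does not, so this check alone is not enough.
        if environ.get("HTTP_X_MOZ") == "prefetch":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"prefetch requests are refused"]

        if path == "/" and method == "GET":
            rows = []
            for name in sorted(files):
                if delete_via_get:
                    rows.append('<a href="/delete?name=%s">delete %s</a>' % (name, name))
                else:
                    rows.append('<form method="post" action="/delete">'
                                '<input type="hidden" name="name" value="%s">'
                                '<button>delete %s</button></form>' % (name, name))
            start_response("200 OK", [("Content-Type", "text/html")])
            return ["\n".join(rows).encode()]

        if path == "/delete":
            if method == "POST":
                length = int(environ.get("CONTENT_LENGTH") or 0)
                params = parse_qs(environ["wsgi.input"].read(length).decode())
            elif delete_via_get:
                params = parse_qs(environ.get("QUERY_STRING", ""))
            else:
                # A GET must never change state: refuse it outright.
                start_response("405 Method Not Allowed", [("Allow", "POST")])
                return [b""]
            files.discard(params.get("name", [""])[0])
            start_response("200 OK", [("Content-Type", "text/plain")])
            return [b"deleted"]

        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b""]

    app.files = files  # exposed so callers can inspect the outcome
    return app


def call(app, method, path, body=b"", headers=None):
    """Invoke a WSGI app in-process and return (status, body_text)."""
    url = urlsplit(path)
    environ = {
        "REQUEST_METHOD": method,
        "PATH_INFO": url.path,
        "QUERY_STRING": url.query,
        "CONTENT_LENGTH": str(len(body)),
        "wsgi.input": io.BytesIO(body),
    }
    for key, value in (headers or {}).items():
        environ["HTTP_" + key.upper().replace("-", "_")] = value
    status = {}
    chunks = app(environ, lambda s, h: status.setdefault("s", s))
    return status["s"], b"".join(chunks).decode()


def simulate_prefetcher(app):
    """Act like a link-prefetching proxy: GET the index, then GET every href.

    Returns the hrefs it followed. Forms are never submitted, because a
    prefetcher only follows links; that is exactly why POST is the safe choice.
    """
    _, html = call(app, "GET", "/")
    hrefs = re.findall(r'href="([^"]+)"', html)
    for href in hrefs:
        call(app, "GET", href)
    return hrefs


if __name__ == "__main__":
    for unsafe in (True, False):
        app = make_app(delete_via_get=unsafe)
        followed = simulate_prefetcher(app)
        print("GET deletes" if unsafe else "POST deletes",
              "- prefetcher followed", followed, "- files left:", sorted(app.files))
```

Running the script shows the unsafe variant losing both files to nothing more than a prefetch of the index page, while the POST-only variant keeps them; a direct GET to /delete on the safe variant gets a 405, so a crawler or accelerator cannot trigger it even by guessing the URL.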
