Is it safe to include links in emails which perform a state changing action when followed, or do some email virus scanners automatically follow links?
-
-
Replying to @simonw
I think the W3C still recommends to only use post requests for state changes (but can’t find it). Seems like Mailchimp and others use JavaScript to detect if a user loads the page and then trigger automatic unsubscribe for example
1 reply 0 retweets 3 likes -
Replying to @thijsniks
Aah that MailChimp trick sounds like it answers the question. Yeah I'm not keen on state changing GET at all, but surprised it breaks things.
1 reply 0 retweets 2 likes -
Replying to @simonw @thijsniks
More and more bots are using headless Chrome these days, especially as SPAs are becoming more popular. It’s safest to follow the spec.
1 reply 0 retweets 1 like -
Replying to @JimDabell @thijsniks
If a headless bot follows a GET link to an unsubscribe page which then uses JavaScript to trigger a POST presumably the headless bot will still trigger the action. Is one-click subscribe feasible today or do you need to get the user to then click a big confirmation button?
1 reply 0 retweets 0 likes -
Replying to @simonw @thijsniks
I don’t think it’s safe. If you’re looking to make it easier to unsubscribe, I would look at things mail clients do to make this easier. e.g. List-Unsubscribe, quick action buttons, AMP for Gmail.
1 reply 0 retweets 3 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
at
retweets