Comment by bryanrasmussen
3 months ago
Everybody has already pointed out the problem with GETTING a deletable resource, but I figured I would add this (and maybe someone will remember extra specifics).
About 2007 or so there was a case where a site was using GET to delete user accounts, of course you had to be logged in to the site to do it so what was the harm the devs thought, however a popular extension made by Google for Chrome started prefetching GET requests for the users - so coming in to the account page where you could theoretically delete your account ended up deleting the account.
It was pretty funny, because I wasn't involved in either side of the fight that ensued.
I would provide more detail than that, but I'm finding it difficult to search for it, I guess Google has screwed up a lot of other stuff since then.
on edit: my memory must be playing tricks on me, I think it had to be more around 2010, 2011 that this happened, at first I was thinking it happened before I started working in Thomson Reuters but now I think it must have happened within the first couple years there.
JimDabell earlier recalled 37Signals and the Google Web Accelerator that sounds like what you mean: https://news.ycombinator.com/item?id=42619712
yes, that's it. Thanks.