[Nextgrid]

To be fair, an HTTP GET request should never modify the state of the system - hitting a link should not change anything.

If you need to expire links then make the initial link display a form with a submit button (which does a POST) to reveal the content (and expire the link). Legitimate crawlers don’t submit forms so it should be safe.

[mehrdadn]

> To be fair, an HTTP GET request should never modify the state of the system

In theory. But that's not how the world I live in seems to work.

[bagacrap]

I think it's pretty common practice. Otherwise search engine web crawlers would be wreaking havoc.

[mehrdadn]

No, both your logic and premise are incorrect. To give just one example, rate-limiting is clearly widespread stateful practice applied to GET requests, and it doesn't cause web crawlers to wreak havoc on anything.