Hacker News new | ask | show | jobs
by rrjanbiah 1765 days ago
Here's a quick PoC:

  <link rel="prefetch" href="/actual_validate/email/1d00a5c2648c211befd33f5a8a7cbfab?prefetch=1">

  <script>
   location.href = "/actual_validate/email/1d00a5c2648c211befd33f5a8a7cbfab?js=1";
  </script>
  <noscript>
   <a href="/actual_validate/email/1d00a5c2648c211befd33f5a8a7cbfab?js=0" rel="nofollow" class="btn btn-primary" role="button">Click to confirm your account</a>
  </noscript>
1 comments
obuda 1765 days ago
Why the prefetch though? Reason being bots don't open them? If so, this is a really good idea!
link
eyelidlessness 1765 days ago
It’s likely faster for the noscript case.
link
obuda 1765 days ago
Yeah, I don't know about that. Wouldn't it be that the query strings differentiate the two links?

I assume so, because of an old trick where query strings are used for ad-hoc cache control as in /style.css?1629472765

link
eyelidlessness 1764 days ago
You’re right, I wasn’t paying close enough attention. That’s what I get for reading HN mostly on my phone!
link
rrjanbiah 1764 days ago
Query string is to differentiate the links (to understand which case is getting triggered)
link
obuda 1764 days ago
OK, but then the prefetch link as it stands is useless, no?
link