Dealing with HEAD requests

Posting this solution here for anybody that might use “magic links” for login. I’m sure there are other use cases as well that entail sending out a link via email, and then performing some action based on that link being clicked.

Some email systems (e.g. Outlook) have “safe links”, that do a HEAD request (rather than GET) to see if they will allow the user to continue to the link destination. If this link is an API action, the request will be processed on the HEAD request AND the GET request, thus creating the potential for unexpected results.

To fix, just wrap the whole API in a condition that will allow the HEAD request to pass safely but won’t process any actions.

$_SERVER.REQUEST_METHOD == 'GET'

I was struggling with a working magic link API that would remove a token from the database after it was successfully used by the user. Then along comes Hotmail with safe links. The HEAD request would produce a valid code and thus be removed from the database, but then the GET request had no token to be found!

5 Likes
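The HEAD-then-GET sequence described in the post above, as an added example that is not part of the original post and not Wappler's own code: a framework-neutral JavaScript handler that answers HEAD without touching the token and redeems the single-use token only on GET. The names `createTokenStore`, `handleMagicLink`, the `/account` redirect and the sample token are assumptions made for illustration.

```javascript
// Added example: constructed in-memory token store standing in for the database.
function createTokenStore(now = () => Date.now()) {
  const tokens = new Map(); // token -> { userId, expiresAt }
  return {
    issue(token, userId, ttlMs) {
      tokens.set(token, { userId, expiresAt: now() + ttlMs });
    },
    // Look up and delete in one step so a token can be redeemed only once.
    consume(token) {
      const entry = tokens.get(token);
      if (!entry) return null;
      tokens.delete(token);
      return entry.expiresAt > now() ? entry.userId : null;
    },
    has(token) {
      return tokens.has(token);
    },
  };
}

// Hypothetical handler for a magic-link route such as /login?token=...
// Returns a plain { status, headers, userId } object so it can be wired into any framework.
function handleMagicLink(method, token, store) {
  const noStore = { 'Cache-Control': 'no-store' };
  if (method === 'HEAD') {
    // Link scanner pre-check: answer without reading or deleting the token.
    return { status: 200, headers: noStore, userId: null };
  }
  if (method !== 'GET') {
    return { status: 405, headers: { ...noStore, Allow: 'GET, HEAD' }, userId: null };
  }
  const userId = typeof token === 'string' ? store.consume(token) : null;
  if (userId === null) {
    return { status: 401, headers: noStore, userId: null };
  }
  return { status: 302, headers: { ...noStore, Location: '/account' }, userId };
}

// Constructed sample sequence: scanner HEAD, then the user's GET, then a replay.
function demo() {
  const store = createTokenStore();
  store.issue('sample-token-123', 'user-42', 15 * 60 * 1000);
  const head = handleMagicLink('HEAD', 'sample-token-123', store);
  const stillThere = store.has('sample-token-123');
  const get = handleMagicLink('GET', 'sample-token-123', store);
  const replay = handleMagicLink('GET', 'sample-token-123', store);
  return { head: head.status, stillThere, get: get.status, user: get.userId, replay: replay.status };
}
```

The token survives the scanner's HEAD, is consumed by the first GET, and a replayed GET is rejected.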

When I first viewed the title of this thread I had to look to see if a new forum area had been created, behind the Coffee Lounge… The Martini Room!

:smiley:

3 Likes

Do you guys get head requests very often? @psweb

2 Likes

Oh man, now look what I’ve done. :man_facepalming:

4 Likes

Too funny hahahahahaha! Literally spat my tea out, really should have swallowed, the mess!

:smiley:

2 Likes

The gift that keeps on giving.

3 Likes

Shouldn’t this thread go into the official docs? Those that appear in Wappler’s website.

Just saying.

2 Likes

Moved there now :smiley:

2 Likes

Bahaha, only in my dreams.

1 Like