= Trac HTTP Methods = To protect against [http://www.squarefree.com/securitytips/web-developers.html#CSRF CSRF attacks] and to adhere to the HTTP RFC rules on [http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.1 Safe and Idempotent Methods], * Check that all requests that create, modify or delete resources use the HTTP POST method. * Use real server-side confirmation for deletion of wiki pages and attachments, instead of the JavaScript confirmation dialog. This policy started with changeset [1701], as explained in [http://lists.edgewall.com/archive/trac/2005-August/004003.html a Christopher Lenz email].