Last modified: 2013-10-28 20:33:33 UTC
I just accidentally rebooted an instance that I already rebooted a few hours earlier by re-opening the tab the POST request was on (seems Chrome no longer shows the "Are you sure you want to resubmit?" dialog when refreshing a POST submission page response). Seems sensible to use a nonce maybe (at least in the front-end, not sure about the API). The API doesn't need it for AJAX either, since such interface isn't subject to accidental refresh (you'd have to purposely click it again). This is about the non-AJAX link targets such as "Actions: reboot" on a nova instance description page.