This “Speed brain” feature encourages Chrome to more agressively prefetch links than it otherwise would.
This has been introduced and unbelievably turned ON by default.
If you have Cloudflare in front of your site, Chrome will prefetch a link on mouse-down of the link (which is frankly absurd) - it will then also follow the link on completion of click which ends up in a double click situation.
We have just released a Preside release that adds some protection for action links, but it is something you may want to be aware of generally for other types of interaction where links have some meaning (I understand that ultimately GET requests and links should not result in an action, but there are places where it is hard to not make it so).
This is really absurd! On mouse-down. How silly is this.
My opinion on Cloudflare: I’m not a big fan of it. It has some really awesome features, but GDPR wise it’s not good to use it. Too much data is transfered outside the EU (which is indeed a different to the UK after Brexit).
But beside this, thanks you for taking care of this breaking change.
The mouse-down behaviour is actually Chromium’s interpretation of “Conservative” prefetching of all links in a page that visit the same site. More aggressive interpretation would presumably be to prefetch on hover, etc. But really what are they saving by prefetching on mouse down? Just wait and don’t break shit!
Turns out that CloudFlare have messed up big time here. These prefetch requests are not meant to be making their way through to origin servers, but they are.
Prefetch requests will never reach origin servers. Prefetch requests only serve content that is stored in Cloudflare’s Cache. If the content is not in Cache, the prefetch request will not continue to origin servers. Without this safeguard, origin server state could be modified despite the prefetch response not being rendered in the browser. An example of this could be a prefetch GET request to a sign-out URL inadvertently triggering a sign-out action on the server.
And yet this is absolutely what they are doing immediately without warning across their entire free-tier user base.