Published: April 29, 2018

You know how HTTP GET requests are meant to be idempotent? Well, do I have the story for you ... a while back I added WiFi control to our garage doors with little Wemos D1s.

The Wemos expose a simple web page with a link that says "Toggle". The endpoint for the link activates a relay, which is hooked up to the push-button on the garage door, which makes the door raise/lower/halt.

(This /toggle endpoint responds to GET requests. I threw the code together in minutes and was too lazy to spend another couple minutes figuring out POST. #regret)

Safari eventually figured out I used this /toggle page regularly, so added it to my favourites. Which are iCloud-synced between all my devices.

So every time I opened a new tab on my laptop, desktop, iPhone or iPad the garage door opened or closed. Late at night, early in the morning, or randomly throughout the day...

This, kids, is why GET requests should be idempotent.
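The failure in the story above, as an added example that is not part of the original thread and not the author's Wemos firmware: a Python stand-in for the device's web server in which GET /toggle is refused with 405 and only POST pulses the relay. The names `DoorHandler`, `relay_pulses` and `demo` are hypothetical, and the relay is simulated by a counter.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

relay_pulses = 0  # constructed stand-in for pulsing the relay on the door button
PAGE = b'<form method="post" action="/toggle"><button>Toggle</button></form>'

class DoorHandler(BaseHTTPRequestHandler):
    def _send(self, status, body=b"", headers=None):
        self.send_response(status)
        for name, value in (headers or {}).items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        if self.path == "/toggle":
            # GET must be side-effect-free: favourites, prefetch and crawlers land here.
            return self._send(405, b"use POST\n", {"Allow": "POST"})
        self._send(200, PAGE, {"Content-Type": "text/html"})

    def do_POST(self):
        global relay_pulses
        if self.path != "/toggle":
            return self._send(404)
        relay_pulses += 1
        # Redirect to the form so the page left in the browser is a harmless GET /.
        self._send(303, headers={"Location": "/"})

    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    """Return (status of GET /toggle, pulses after the GET, pulses after one POST)."""
    global relay_pulses
    relay_pulses = 0
    server = HTTPServer(("127.0.0.1", 0), DoorHandler)  # loopback, ephemeral port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/toggle"
    try:
        get_status = urllib.request.urlopen(url).status
    except urllib.error.HTTPError as err:
        get_status = err.code
    after_get = relay_pulses
    urllib.request.urlopen(urllib.request.Request(url, data=b"", method="POST"))
    server.shutdown()
    server.server_close()
    return get_status, after_get, relay_pulses
```

A browser that opens a saved /toggle URL sends a GET, so it gets the 405 and the counter stays at zero; only submitting the form moves it.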

@rombulow @cdevers Sorry, man. I didn’t realise so many of my readers were “well, actually” boors. Great story!

@gnat Don't be sorry! I'm loving the comments! So many good stories.

@rombulow @bwilmsmann I’m surprised that nobody complains about this misleading conclusion. Idempotency means that a repeated request still has the same side-effect. A GET request should have *no* side effect at all! (sometimes also called “nullipotent”).

@zargony @bwilmsmann Don't worry, there's been plenty of complaints! I should have said "side-effect-free" instead of "idempotent". To be fair, different things do happen: if door is down, door goes up. If door is going up, door stops. If door is stopped and was going up, door goes down, etc.

@rombulow I was going to start with a pun about RESTful and not sleeping because of your garage door opening and closing...

@fahey Haha! I actually figured it out while lying in bed late one night. I'd just tapped the new tab button in Safari on my phone when I heard the door start to open...

@rombulow I think the real issue here is, why would you put an unprotected endpoint to control your home on the internet? It seems to me that the fact that this was able to be bookmarked and cause an action without any type of authentication is more concerning than GET not being idempotent.

@FrankLaszlo It's not on the internet, but sometimes I spend a lot of time at home.

@rombulow This is the greatest tweet ever Will!

@raysplacenspace I KNOW RIGHT!!!11

@rombulow Oh hey, I think I know you! Didn't expect that from a HN tweet!

@JamesPaulDuncan Hey James! I remember you!

@rombulow I also had a switch in the mix to include a timed open/close or to send out an email if the door was left open too long

@darrylgshift I love the sequence number idea. How did you send your email?

@rombulow Bluetooth is more suitable for these kinds of applications anyway. I also found out in a similar way.

@PvtMert WiFi has better range, and doesn’t need an app on my phone/computer. And I can control the garage remotely (e.g. via VPN) using only a web browser.

@rombulow @Raycast You really could just visit Loxone & buy a Miniserver, a fob key & a few mins of sparky time & your garage/gates/front door/alarm turns off when you arrive. It'll even boil your kettle & put the music on.

@lafih22 @Raycast I had this hooked up to Homebridge and then Apple HomeKit so it would auto-open when we returned home... but the geofencing wasn’t good enough.

@rombulow I've read the thread, but I'm curious: did you develop it using Arduino or use MicroPython in it? Completely out of context, but just curious.

@ckalpit I was using the Arduino Software IDE. Pretty sure it was C++ or C, but it's been a few years since I've done either.

@rombulow I just wanted you to know I followed you for building out your own wifi garage door opener. Freakin' sweet.

@rombulow All you needed is a CAPTCHA or "I'm not a robot" checkbox for the /toggle control.

@rombulow Wow! But not only idempotent, POSTs shouldn’t be bookmarked or previewed as they are transactional.

@rombulow I love the thought of "DELETE"ing the door from the garage resource to open it and "PUT"ing the 'door' on the garage resource to close it.

@rombulow I had a similar issue 10+ years ago with my office fan turning itself on overnight, once a week. Finally traced it down to Google crawling my site and following a link to (my homemade) 'fan toggle' button that I didn't realize was accessible from the internets. Duh. :)

@rombulow May I suggest the Web Thing API? https://iot.mozilla.org/wot/ Helper libraries at https://iot.mozilla.org/things...

@rombulow @raymondcamden Sorry. But what does idempotent mean?
