context.app.get_record causes write on read.

[djay]

if I have the following element

def votes(context):
    path = context.content.absolute_url_path()

    record = context.app.get_record(path)

where votes is a BASIC element. When included in plone this will result in a confirm dialog due to the CSRF protection

[ebrehault]

You should get this crsf thing only once, the first time the soup storage is initialized. But once the storage is created, any other call (even anonymous or whatever) will be successful and without csrf dialog. An alternative would be to return an error on get_record if the storage is not initialized, and provide a specific URL to initialize it (like /create_storage) but I think it is easier that way.