durusmail: quixote-users: non-idempotent GETs
non-idempotent GETs
Jason Sibre
2005-05-10

> -> I'm not sure that Quixote does anything that actually needs to be
> -> fixed.  The fact that it doesn't, by default, differentiate between
> -> GET and POST is a little suboptimal.  It also makes it easy to
> -> violate this design principle.  Miguel has no sympathy:
> ->
> ->   http://primates.ximian.com/~miguel/archive/2005/May-08.html
> ->
> -> The Ruby on Rails guys are planning to work around the inconvenience
> -> of using GETs:
> ->
> ->   http://www.loudthinking.com/arc/000455.html
> ->
> -> I guess Quixote could provide a utility function if the link_to idea
> -> catches on.
>
> It might be worth mentioning it somewhere in the docs.  Certainly I've
> found that the 'object/delete' functionality is, umm, too obvious not to
> use ;).
>
> --titus

Ditto...
Fortunately, there are ways to use it and still be 'safe'.  For instance,
the delete url could verify it's the target of a POST before doing a delete,
and render a confirmation screen when it receives a GET.

I was bitten by the problem those folks (37Signals) were bitten by back in
2000 or 2001 (from a search engine spidering one of my apps), and I've been
fairly careful about using GETs and POSTs appropriately since.   Well, more
careful, anyway :]

Jason
