* Pedro Melo <melo simplicidade.org> [2007-08-09 00:05]:
> On Aug 8, 2007, at 1:38 PM, A. Pagaltzis wrote:
> >If you do in fact modify state on the server based on
> >information in the URI, I hope that you at least require POST
> >for these requests?
>
> We always redirect after POST.

That wasn’t what I was talking about at all.

The question is whether your URIs include commands, and if so,
whether retrieving them with GET will trigger changes to records
just the way POST does. In that case you have a problem.

> >Otherwise things like Google Web Accelerator or Firefox’s
> >prefetching will badly break your app, proxy caches may cause
> >heisenbugs, and all sorts of other mayhem.
>
> I understand the dangers of not redirecting after POST

Again it has nothing to do with redirecting after POST.

It’s about whether you allow GET, which is supposed to be safe,
i.e. if a client causes data loss by using GET to inspect a
resource, it’s not the client’s fault, it’s the server’s.

Regards,
--
Aristotle Pagaltzis // <http://plasmasturm.org/>
_______________________________________________
List: Catalyst lists.rawmode.org
Listinfo: http://lists.rawmode.org/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst lists.rawmode.org/
Dev site: http://dev.catalyst.perl.org/
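
The distinction drawn in the message above, as an added example that is not part of the original thread and is not Catalyst code: a framework-neutral Python WSGI handler that refuses GET on a state-changing URI and, as a separate step, redirects after a successful POST. The `/records/<id>/delete` URI layout, the `RECORDS` store and the `request` helper are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults

RECORDS = {"1": "alpha", "2": "beta"}  # constructed sample data


def app(environ, start_response):
    """Hypothetical app: /records/<id> is a view, /records/<id>/delete is a command URI."""
    method = environ["REQUEST_METHOD"]
    parts = environ.get("PATH_INFO", "").strip("/").split("/")
    if parts[0] == "records" and len(parts) == 3 and parts[2] == "delete":
        if method != "POST":
            # Method check: a GET issued by a prefetcher, an accelerator or a
            # proxy cache must never reach the code that modifies records.
            start_response("405 Method Not Allowed", [("Allow", "POST")])
            return [b"POST required\n"]
        RECORDS.pop(parts[1], None)
        # Redirect after POST: a separate concern that only stops a browser
        # reload from resubmitting the form. It does not make GET safe.
        start_response("303 See Other", [("Location", "/records")])
        return [b""]
    if parts[0] == "records" and len(parts) == 2 and parts[1] in RECORDS:
        if method in ("GET", "HEAD"):
            start_response("200 OK", [("Content-Type", "text/plain")])
            return [RECORDS[parts[1]].encode()]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found\n"]


def request(method, path):
    """Call the app in-process and return (status, headers, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ.update(REQUEST_METHOD=method, PATH_INFO=path)
    seen = {}

    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body


if __name__ == "__main__":
    # A link prefetcher following the delete URI with GET changes nothing.
    print(request("GET", "/records/1/delete")[0], sorted(RECORDS))
    # The same URI submitted as a form POST deletes, then redirects.
    print(request("POST", "/records/1/delete")[0], sorted(RECORDS))
```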