« hCard | Main | Quite the motivational speaker »

Oh well

The Spider of Doom: GET link rm -rf's CMS content.

C'mon - "Spider of Doom"? Nonsense.

"It's called GET because it *means* GET; grab me a representation of the state of the resource identified by this URI. " - Mark Baker

Using a side-effected HTTP GET to implement deletion is *bad* design and people have been pointing this out for years.

"Web Health Warning: Put All Destructive Actions Behind a POST Request" - Agile Web Development with Rails, David Heinemeier Hansson

It's midly depressing that Keith Gaughan is the only commentator over there explaining the issue.


March 28, 2006 08:07 PM

Comments

Keith Gaughan
(March 28, 2006 10:41 PM #)

I'm starting to think that the thread is a bigger WTF than its actual topic.

Keith Gaughan
(March 28, 2006 11:25 PM #)

It gets worse: now they're trying to make out that abusing JavaScript to submit forms is a good idea. You'd swear CSS just appeared yesterday.

Bill Seitz
(March 29, 2006 12:47 AM #)

I was shocked when I discovered in the Agile/Rails book that Rails generated templates where GET was used for things that should be in POST/PUT/DELETE.

http://webseitz.fluxent.com/wiki/RubyOnRails

Keith Gaughan
(March 29, 2006 04:06 AM #)

Rails hasn't done that for quite some time.

Post a comment

(you may use HTML tags for style)




Remember Me?

Trackback Pings

TrackBack URL for this entry:
http://www.dehora.net/mt/mt-tb.cgi/1790