* Ronald J Kimball <[email protected]> [2010-11-22 18:50]:
> I want to convert a GET request to a POST request, inside my
> Catalyst app, before dispatching happens. For example, I want
> to take a request like:
>
> GET /foo?method=POST&body={"foo":1}&content-type=text/javascript
>
> and convert it into a request like this:
>
> POST /foo
> Content-Type: text/javascript
>
> {"foo":1}

This is really, really, really bad. It’s roughly like modifying a file system to allow file deletion as a side effect of opening a file.

GET is supposed to be safe, that is, it should be free of side effects that the user cannot be held responsible for. It is very, very easy to get a browser to send GET requests incidentally, e.g. by putting the link in an `<img src>` or a stylesheet `<link>` and getting a user to visit. Things like Google Web Accelerator and other automated user agents (like search engines of course) also generally assume that GET is safe.

Much web infrastructure also assumes that GET requests are cacheable, so if there are any proxies between the app and the user, sending multiple pseudo-POST requests may not actually do anything.

> Background: I'm implementing a REST API using
> Catalyst::Controller::REST. The API will be accessed via Ajax
> running on third party websites, using JSONP to get around the
> same-origin policy. Unfortunately, JSONP can only make GET
> requests. So, I want to take that GET request and turn it into
> a POST before Catalyst::Action::Deserialize does its magic.

The same-origin policy is not there by mistake, but to keep your users safe from malicious 3rd party sites they may visit.

Regards,
-- 
Aristotle Pagaltzis // <http://plasmasturm.org/>
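
Added example, not part of the original message and not Catalyst code: a method-override guard that keeps GET safe by never letting a safe method be promoted to an unsafe one. The request is modelled as a plain hash; `resolve_method`, the `method` query parameter policy and the sample requests are assumptions constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Safe methods handled here: they must stay free of side effects.
my %SAFE = map { $_ => 1 } qw(GET HEAD OPTIONS);

# Hypothetical policy: only these may be tunnelled, and only inside a real POST.
my %TUNNELLED = map { $_ => 1 } qw(PUT PATCH DELETE);

# resolve_method(\%request) -> ($method, $error)
# %request is a constructed plain hash, not a Catalyst request object:
#   method => transport method, query => hashref of query parameters
sub resolve_method {
    my ($req) = @_;
    my $real     = uc $req->{method};
    my $override = $req->{query}{method};

    # No override requested: dispatch on the method actually sent.
    return ($real, undef) unless defined $override && length $override;
    $override = uc $override;

    # A GET can be fired by <img src>, a stylesheet <link> or a crawler, and
    # may be answered from a cache, so it is never turned into a write.
    return (undef, "override '$override' refused on safe method $real")
        if $SAFE{$real};

    return (undef, "override '$override' not allowed")
        unless $real eq 'POST' && $TUNNELLED{$override};

    return ($override, undef);
}

# Constructed sample requests, the first one shaped like the quoted question.
my @samples = (
    { method => 'GET',  query => { method => 'POST', body => '{"foo":1}' } },
    { method => 'GET',  query => {} },
    { method => 'POST', query => { method => 'DELETE' } },
    { method => 'POST', query => { method => 'TRACE' } },
);

for my $req (@samples) {
    my ($method, $err) = resolve_method($req);
    printf "%-4s override=%-6s => %s\n",
        $req->{method},
        $req->{query}{method} // '-',
        defined $err ? "reject ($err)" : "dispatch as $method";
}
```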
