Forwarded message: From: Timothy Appnel <t...@appnel.com> > To: CGI Application <cgiapp@lists.erlbaum.net> > Date: Tuesday, May 10, 2011 2:38:03 PM > Subject: REST tunneling in CGI::Application::Dispatch > > I've started a branch to implement REST tunneling in > CGI::Application::Dispatch and wanted to post it here for some comment while > its still in progress. > > Here is the issue as described in RESTful Web Services book: > http://is.gd/8PSPLE > > Not all clients support HTTP PUT and DELETE. The action of an XHTML 4 form > > can only be GET or POST, and this had made a lot of people think that PUT > > and DELETE aren't real HTTP methods. Some firewalls block HTTP PUT and > > DELETE but not POST. If the server supports it, a client can get around > > these limitations by tunneling PUT and DELETE requests through overloaded > > POST. There's no reason these techniques can't work with other HTTP actions > > like HEAD, but PUT and DELETE are the most common.What I've started > > implementing is essentially this: > > I recommend a tunneling technique pioneered by today's most RESTful web > > frameworks: include the "real" HTTP method in the query string. Ruby on > > Rails defines a hidden form field called '_method' which references the > > "real" HTTP method." > > I've implemented a new boolean parameter auto_rest_tunneling that when true, > will get its "real" HTTP method from the '_method' if one exists. > > To do that was a bit tricky though because at the spot where the run mode is > determined, the application class has not been instantiated to read that > parameter with its designated CGI object. > > I was trying to keep my changes to a minimum so I settled on creating a > subroutine that mode_param can use to complete the tunneling if dispatch > detects a possible REST tunneling situation. This REST tunneling routine is > passed on to the private _run_app method where I had to add a bit of logic so > that routine doesn't build the generic > mode_param subroutine over top of it. > > Besides getting some general feedback I had one specific question to where > I'm at here: > https://github.com/tima/CGI--Application--Dispatch/commit/1e906a01f9470b3b15894e4c77e10c0e8468c86b > > [BTW: I sent this message to Mike and Mark in advance. Mark requested links > to other implementations which I provided in the commit notes.] > > In line 705 (was line 690) of my addition there is a check for illegal > characters in the run mode. This doesn't work when REST tunneling is being > used so I added the logic to skip that. > > Is that going to be a problem? I was thinking of moving that logic out of > _run_app and ahead of auto_rest functions in the dispatch sub. Perhaps I > missing a case where that is necessary. If I can make that move and not break > anything the mode_param sub routine generation could be consolidated in to > the dispatch method also. > > Enough from me. Thoughts? > > <tim/> > > -- > Timothy Appnel > Principal, The Appnel Group, http://appnel.com/ > Director, Open Melody Software Group, http://openmelody.org > > > > > > > > >
##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################
