On Wed, Sep 12, 2007 at 06:38:23PM +1000, Rob Sharp wrote: > >I using "form method=POST action=/goo/3/" to say update instance 3 > >via a POST. > >But I'm using a URL like foo?delete=3 to delete item 3 i.e. using a > >GET to delete an > >instance. This is because the URL is a href link in a table of > >entries (actually a > >little cross image being a delete icon). It's easy to do it this way. > > > >The question is if this is supposed to be done via a POST how does > >one do it without > >using a form? > > Rails tackles this by calling javascript that creates and submits a > form to the href in the anchor, which gives you links that POST. > The one downfall of this approach is users that have no javascript, > or javascript disabled use GET to perform deletes;
Which is why your data-modifying actions should check to make sure they're being POSTed to before doing nasty things. Doesn't solve the problem for non-JavaScript-using people, but as much as it pains me to admit it, I don't think many sites are going to be useful without Javascript. - Matt _______________________________________________ coders mailing list [email protected] http://lists.slug.org.au/listinfo/coders
