Hi All!

I am trying to secure a site that uses ajax links which, when followed, modify the underlying data. After considerable research and experimentation, it appears that using an <a> tag always forces the html mode to be 'GET', but allows the user to set data-method to 'PUT' or 'POST'. The generated html reflects this as in:

<a class="agenda-item-link" rel="nofollow" href="/agenda_items/148-one/down" data-rapid="{&quot;a&quot;:{&quot;ajax_attrs&quot;:{&quot;update&quot;:&quot;agenda-items&quot;}}}" data-method="put">

I have put many debug statements in the controller methods, but the only thing I can find is request[REQUEST_METHOD] which is set to 'GET'. I would like to have the controller ignore any requests with a data-method == 'GET', but I can't find the data-method in anything the controller has access to.

With the exception of my paranoia ;-) , the ajax works just like it should.

Thanks,

Don Ziesig
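
An added example, not part of the original post and not Hobo's own code: data-method is an HTML attribute read by client-side JavaScript and is never sent to the server, so a server-side check can only look at the request verb. The plain-Ruby Rack middleware below (MutatingVerbGuard is a hypothetical name, and the path pattern is an assumption modelled on the href in the post) answers 405 when a data-changing path arrives as anything other than PUT or POST.

```ruby
# Added example, not Hobo's code. MutatingVerbGuard is a hypothetical name.
# A Rack app is any object that responds to call(env), so no gems are needed.
class MutatingVerbGuard
  ALLOWED = %w[PUT POST].freeze

  # mutating: regexp for paths that change data (assumption: modelled on the
  # href shown in the post, /agenda_items/148-one/down).
  def initialize(app, mutating: %r{\A/agenda_items/[^/]+/down\z})
    @app = app
    @mutating = mutating
  end

  def call(env)
    verb = env['REQUEST_METHOD'].to_s.upcase
    path = env['PATH_INFO'].to_s
    # data-method never reaches the server; the request verb is the only
    # signal available, so refuse anything but PUT/POST on mutating paths.
    if @mutating.match?(path) && !ALLOWED.include?(verb)
      headers = { 'Content-Type' => 'text/plain', 'Allow' => ALLOWED.join(', ') }
      return [405, headers, ["#{verb} not allowed for #{path}\n"]]
    end
    @app.call(env)
  end
end

# Constructed stand-in for the real controller action.
INNER_APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ["moved down\n"]] }
GUARDED_APP = MutatingVerbGuard.new(INNER_APP)

# Runs one constructed request through the guard and returns the full response.
def response_for(verb, path)
  GUARDED_APP.call('REQUEST_METHOD' => verb, 'PATH_INFO' => path)
end

def status_for(verb, path)
  response_for(verb, path).first
end

if __FILE__ == $PROGRAM_NAME
  puts status_for('GET', '/agenda_items/148-one/down') # link followed as a plain GET
  puts status_for('PUT', '/agenda_items/148-one/down') # ajax request with the intended verb
  puts status_for('GET', '/agenda_items')              # read-only page is untouched
end
```

In a Rails stack, a guard placed after Rack::MethodOverride sees the verb that results from any _method parameter on a POST, which is how a data-method="put" link normally reaches the controller as PUT.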

