Hi Don,
The "data-method" attribute is not sent to the server currently, so you
can't know that in the controller. I have created an issue to allow
links to support other methods. But until that is working, I suggest a
small hack: add the parameter in the URL:
<a class="agenda-item-link" rel="nofollow"
href="/agenda_items/148-one/down?method=put"
data-rapid='{"a":{"ajax_attrs":{"update":"agenda-items"}}}'
data-method="put">
Would that work for you?
Warm regards,
Ignacio
On 10/10/14 at #4, Donald Ziesig wrote:
> Hi All!
>
> I am trying to secure a site that uses ajax links which, when followed,
> modify the underlying data. After considerable research and
> experimentation, it appears that using an <a> tag always forces the html
> mode to be 'GET', but allows the user to set data-method to 'PUT' or
> 'POST'. The generated html reflects this as in:
>
> <a class="agenda-item-link" rel="nofollow"
> href="/agenda_items/148-one/down"
> data-rapid='{"a":{"ajax_attrs":{"update":"agenda-items"}}}'
> data-method="put">
>
> I have put many debug statements in the controller methods, but the only
> thing I can find is request[REQUEST_METHOD] which is set to 'GET'. I
> would like to have the controller ignore any requests with a data-method
> == 'GET', but I can't find the data-method in anything the controller
> has access to.
>
> With the exception of my paranoia ;-) , the ajax works just like it should.
>
> Thanks,
>
> Don Ziesig
>
>
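
Added example, not part of the original thread or of Hobo's code: a framework-free Ruby version of the controller-side check discussed above, run against constructed Rack-style request hashes. The helper names (`http_verb`, `declared_verb`, `reject_plain_get`) are hypothetical; only the path and the `method=put` parameter come from the thread. The parameter travels in the URL, so it records what the link asked for, not the verb the browser used.

```ruby
require "uri"

MUTATING = %w[PUT POST].freeze

# Verb the browser actually used (what the controller sees as REQUEST_METHOD).
def http_verb(env)
  env.fetch("REQUEST_METHOD", "GET").upcase
end

# Verb declared through the workaround's "method" query parameter, or nil.
def declared_verb(env)
  pairs = URI.decode_www_form(env.fetch("QUERY_STRING", ""))
  value = pairs.assoc("method")&.last
  value && value.upcase
end

# Hypothetical filter: returns nil to let the action run, or a Rack-style
# 405 response when neither the real verb nor the URL hint is PUT/POST.
def reject_plain_get(env)
  return nil if MUTATING.include?(http_verb(env))
  return nil if MUTATING.include?(declared_verb(env))
  [405, { "Allow" => "PUT, POST" }, ["Method Not Allowed"]]
end

# Constructed sample requests (path taken from the thread's example link).
PATH = "/agenda_items/148-one/down"
SAMPLES = {
  plain_link:  { "REQUEST_METHOD" => "GET", "PATH_INFO" => PATH, "QUERY_STRING" => "" },
  hinted_link: { "REQUEST_METHOD" => "GET", "PATH_INFO" => PATH, "QUERY_STRING" => "method=put" },
  real_put:    { "REQUEST_METHOD" => "PUT", "PATH_INFO" => PATH, "QUERY_STRING" => "" }
}.freeze

# Maps each sample to :allowed or :rejected.
def summarize
  SAMPLES.transform_values { |env| reject_plain_get(env).nil? ? :allowed : :rejected }
end

puts summarize.inspect if $PROGRAM_NAME == __FILE__
```
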
--
You received this message because you are subscribed to the Google Groups "Hobo
Users" group.