Hi Søren, On Tue, May 3, 2016 at 8:25 PM, Mads Kiilerich <[email protected]> wrote: > On 05/03/2016 03:13 PM, Søren Løvborg wrote: >> >> Considering that method overrides are designed specifically to >> accommodate HTML forms, we could pull the CSRF token out of the POST >> request body and stuff it into a header as part of the override >> process. But at that point, it just feels like we're digging ourselves >> in even deeper. A saner approach would be to phase out method >> overrides altogether, and just let POST requests be POST requests. >> (Add an "action" argument or similar as needed, but leave that to the >> controller, and keep it out of routing and security checks.) > > > It seems like that would be a general refactoring and code improvement that > could be done on the default branch and pave the way for the TG migration?
I was wondering whether you would be up to tackling this in the near future? (or perhaps you already started with this?) Of the current tests that are failing, the majority is failing due to the DELETE method not being accepted. I am meanwhile fixing the other failures, but it would be great if in a parallel path someone could look at the DELETE thing. You can see the current state of the Turbogears2 migration code to https://bitbucket.org/_amol_/kallithea-tg/ See also: https://bitbucket.org/conservancy/kallithea/wiki/Turbogears2Migration Do let me know your thoughts... Best regards, Thomas _______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
