Aristotle Pagaltzis wrote:
* Ian Docherty [EMAIL PROTECTED] [2008-01-28 13:45]:
OK, so I put the item into the request body, but this does not
tell the remote client the ID of the created item.
Why does it need it? Is the URI not enough? If not, is the URI
*really* not enough (ie.
On Tue, Jan 29, 2008 at 08:19:42AM +, Ian Docherty wrote:
This is something I have not seen mentioned before. I have no idea what
a 'URI Template'
would look like.
See the RFC and the CPAN module.
--
Matt S Trout Need help with your Catalyst or DBIx::Class project?
Hi,
On Jan 21, 2008, at 7:43 AM, Jonathan Rockway wrote:
Along these lines, how is everyone doing multi-page forms? I like
to do
GET/POST/redirect, but that needs the session to get the data from
page
1 to page 2. Without a session, I use the old POST returns the form
with hidden fields
On Jan 22, 2008 8:25 AM, Zbigniew Lukasiak [EMAIL PROTECTED] wrote:
On Jan 22, 2008 1:30 AM, Aristotle Pagaltzis [EMAIL PROTECTED] wrote:
* Zbigniew Lukasiak [EMAIL PROTECTED] [2008-01-21 07:40]:
While we are at that - I do understand the need to divide the
operations into the
* Zbigniew Lukasiak [EMAIL PROTECTED] [2008-01-22 08:35]:
On Jan 22, 2008 1:30 AM, Aristotle Pagaltzis [EMAIL PROTECTED] wrote:
I don't understand this question. It sounds like you have
some confusion about several distinct things and that you
don't actually understand what idempotence is.
Peter Karman wrote on 1/20/08 7:53 PM:
Aristotle Pagaltzis wrote on 1/20/08 7:36 PM:
* Peter Karman [EMAIL PROTECTED] [2008-01-20 22:10]:
there's no checking of HTTP method at all.
Yikes!!
img src=http://example.org/foo/id/42/delete;
I actually consider that a feature, since it
Aristotle Pagaltzis wrote:
* Peter Karman [EMAIL PROTECTED] [2008-01-23 03:50]:
In my apps, I do server-side auth checks to verify that users
can't act on data they should not have access to.
Peter, meet XSRF. XSRF, meet Peter.
:-)
My point with `img src=/foo/delete` was that an attacker
* Zbigniew Lukasiak [EMAIL PROTECTED] [2008-01-21 07:40]:
While we are at that - I do understand the need to divide the
operations into the 'indempotent' and 'non-indempotent' classes
(because of caching and predictive link loading) - but what is
really the practical argument for having two
* Peter Karman [EMAIL PROTECTED] [2008-01-20 22:10]:
there's no checking of HTTP method at all.
Yikes!!
img src=http://example.org/foo/id/42/delete;
That API is intentionally RESTish
It’s not REST if it ignores the uniform interface – it’s RPCish.
URI design is completely orthogonal to
Aristotle Pagaltzis wrote on 1/20/08 7:36 PM:
* Peter Karman [EMAIL PROTECTED] [2008-01-20 22:10]:
there's no checking of HTTP method at all.
Yikes!!
img src=http://example.org/foo/id/42/delete;
That API is intentionally RESTish
It’s not REST if it ignores the uniform interface – it’s
On Sun, 2008-01-20 at 23:58 -0600, Dave Rolsky wrote:
On Mon, 21 Jan 2008, Aristotle Pagaltzis wrote:
The part where web browsers really do suck – and I really mean
suck utterly terribly – is HTTP Auth, which makes you have to…
well, you don’t quite have to violate REST constraints, but
11 matches
Mail list logo