[Seaside] Something seaside developers need to be aware of
Avi Bryant
avi.bryant at gmail.com
Mon May 9 13:20:58 CEST 2005
On 5/9/05, Benjamin Pollack <benjamin.pollack at gmail.com> wrote:
> I strongly agree with Joe Gregorio that this is a bug with web
> developers and not GWA [1]. HTTP GET should be idempotent.
> Unfortunately, buttons are ugly and there's no easy way I know of to
> make links that generate POST requests. There are two "easy"
> solutions: add an anchorButtonWithAction: method that uses JavaScript
> to make text look like a link but generate a POST request (this is
> what Gmail does, incidentally) or patch Seaside to block GWA by
> default. The first option is annoying, slightly klugy, and also the
> most "correct" solution, in my opinion, but the second might be a
> quick hack to solve the problem until we get a better solution.
It's nice anyway to have people thinking about whether a given link is
safe or idempotent or not - since, for example, you don't need the
extra redirect if it is. So I agree that we should have a range of
options for generating links.
In the meantime, though, Seaside2.6a1-avi.36 contains code that
*should* block the GWA. I don't have a windows machine handy to test
this on, however, so I'd appreciate if someone could confirm that it
does.
Avi
More information about the Seaside
mailing list