Saturday, August 27th, 2005

Using Rails Ajax helpers to create safe state-changing links

Category: Articles, Examples, Ruby

Jarkko Laine discusses Using Rails Ajax helpers to create safe state-changing links:

A few months ago there was a heated discussion going on about Google Web Accelerator prefetching links and at the same time wreaking havoc in web apps that used plain GET links to change the state of an application. A few tricks came up on how one could block GWA from accessing given pages, but in the end, using GET requests for operations such as deleting records in your app remained dangerous.

The traditional means to avoid the perils of GWA and friends are two-fold: either use only form buttons (and thus POST requests) to commit these mission-critical actions, or link to a confirmation page that does the same.

Unfortunately, these solutions are less than optimal.

Jarkko goes on to give an example of how Rails’ link_to_remote magic can help out, even giving you a graceful fallback:

<%= link_to_remote "Delete", 
  {:url => {:controller => "monkey", 
           :action => "delete", 
           :id => monkey.id},
  :update => "monkeys"},
  {:href => url_for(:controller => "monkey",
                    :action => "delete",
                    :id => monkey.id)} %>

It would be nice to be able to write <a href="…." method="POST">, of course.
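The :href fallback above is an ordinary GET link to the same delete action, so the technique only protects against prefetchers if the server refuses to change state on GET. An added example, not from Jarkko's article or from Rails itself: a plain-Ruby model (the MonkeyApp class, its routes and its data are hypothetical) in which GET on a state-changing action returns a confirmation form and only POST deletes.

```ruby
# Added example: plain-Ruby model (no Rails) of the server-side guard that the
# non-JavaScript fallback href needs. Class, routes and data are hypothetical.
class MonkeyApp
  STATE_CHANGING = %w[delete].freeze # actions that must never run on GET

  attr_reader :monkeys

  def initialize(ids)
    @monkeys = ids.dup
  end

  # Dispatches e.g. ("GET", "/monkey/delete/2") and returns [status, body].
  def call(http_method, path)
    _, controller, action, id = path.split("/")
    return [404, "not found"] unless controller == "monkey"
    return [200, list_html] if action == "list"
    return [404, "not found"] unless STATE_CHANGING.include?(action)
    return [404, "no such monkey"] unless id.to_s.match?(/\A\d+\z/) && @monkeys.include?(id.to_i)

    if http_method == "POST"
      # What link_to_remote sends (Ajax POST), or the confirmation form below.
      @monkeys.delete(id.to_i)
      [200, list_html]
    else
      # Plain GET: the fallback href, a prefetcher or a crawler. Change nothing,
      # answer with a confirmation form that POSTs to the same URL.
      [200, %(<form method="post" action="#{path}"><button>Delete monkey #{id}?</button></form>)]
    end
  end

  # Every delete link on the list page, as a prefetcher would collect them.
  def delete_hrefs
    @monkeys.map { |id| "/monkey/delete/#{id}" }
  end

  private

  def list_html
    @monkeys.map { |id| %(<li>monkey #{id} <a href="/monkey/delete/#{id}">Delete</a></li>) }.join
  end
end

# Constructed scenario: a prefetcher GETs every delete link, then a user clicks one.
def simulate
  app = MonkeyApp.new([1, 2, 3])
  app.delete_hrefs.each { |href| app.call("GET", href) }
  after_prefetch = app.monkeys.dup
  app.call("POST", "/monkey/delete/2")
  [after_prefetch, app.monkeys]
end
```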


Posted by Dion Almaer at 2:01 am

1 Comment »


Hmm.. What about applying rel="nofollow" attribute to state changing links? Like so:

<a href="http://www.anothersite.com?action=del&id=4" rel="nofollow">Delete</a>

Comment by Kim Biesbjerg — August 29, 2005
