Saturday, August 27th, 2005

Using Rails Ajax helpers to create safe state-changing links

Category: Articles, Examples, Ruby

<>p>Jarkko Laine discusses Using Rails Ajax helpers to create safe state-changing links:

A few months ago there was a heated discussion going on about Google Web Accelerator prefetching links and at the same time wreaking havoc in web apps that used plain GET links to change the state of an application. A few tricks came up on how one could block GWA from accessing given pages, but in the end, using GET requests for operations such as deleting records in your app remained dangerous.

The traditional means to avoid the perils of GWA and friends are two-fold: either use only form buttons (and thus POST requests) to commit these mission-critical actions, or link to a confirmation page that does the same.

Unfortunately, these solutions are less than optimal.

Jarkko goes on to give an example of how you can take Rails’ link_to_remote magic to help out, even giving you graceful failback:

<%= link_to_remote "Delete", 
  {:url => {:controller => "monkey", 
           :action => "delete", 
           :id => monkey.id},
  :update => "monkeys"},
  {:href => url_for(:controller => "monkey",
                    :action => "delete",
                    :id => monkey.id)} %>

It would be nice to be able to <a href=”….” method=”POST”> of course.

Related Content:

  • Web services with Ruby on Rails
    The Ruby on Rails framework has added REST support, making it a Web service alternative to SOAP stack...
  • Ajax Learning Guide
    Are you a Web developer? The time has come to rethink your entire approach to developing Web applications. Find out about the Ajax approach...
  • Ajax Learning Guide
    Are you a Web developer? The time has come to rethink your entire approach to developing Web applications. Find out about the Ajax approach...
  • Ajax Learning Guide
    Chances are, you've been doing JavaScript and XML developer work in Lotus Domino for quite some time. This old/new approach is causing quite a stir in...
  • Ajax Learning Guide
    Are you a Web developer? The time has come to rethink your entire approach to developing Web applications. Find out about the Ajax approach...

Posted by Dion Almaer at 2:01 am
1 Comment

++++-
4.2 rating from 11 votes

1 Comment »

Comments feed

Hmm.. What about applying rel=”nofollow” attribute to state changing links? Like so:

<a href=”http://www.anothersite.com?action=del&id=4″ rel=”nofollow”>Delete</a>

Comment by Kim Biesbjerg — August 29, 2005

Leave a comment

You must be logged in to post a comment.