Forum: Ruby on Rails GET parameters working in POST requests using Prototype 1.5.

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Martin G. (Guest)
on 2007-02-15 01:55
(Received via mailing list)
Hiall,

I just noticed that in code I wrote quite a while ago I did the
following, which actually worked fine:

new Ajax.Request('/foo/bar?param1=foo&param2=bar", { ... })

The thing is, I didn't specify method: get so Prototype issued the
default POST request. My rails controller had no problem accessing the
parameters via the params hash. Now I'm thinking, is there any reason
that rails/prototype didn't complain that I was using GET parameters
in my POST request? Should it actually complain or not? Is there any
reasonable situation where one would mix POST and GET parameters? I'm
a little confused, as my general opinion would be to at least ignore
those parameters or even better, give a warning somehow? Or does it
simply not matter to mix these and it is therefore ok?

thx in advance
Martin G.
Jon G. (Guest)
on 2007-02-15 02:13
(Received via mailing list)
In your controller, you should have something like the following to
limit specific actions to only work as posts.

verify :method => :post, :only => [ :destroy, :create, :update ],
         :redirect_to => { :action => 'show' }
Jodi S. (Guest)
on 2007-02-15 03:20
(Received via mailing list)
On 14-Feb-07, at 6:55 PM, Martin G. wrote:

> parameters via the params hash. Now I'm thinking, is there any reason
> that rails/prototype didn't complain that I was using GET parameters
> in my POST request? Should it actually complain or not? Is there any
> reasonable situation where one would mix POST and GET parameters? I'm
> a little confused, as my general opinion would be to at least ignore
> those parameters or even better, give a warning somehow? Or does it
> simply not matter to mix these and it is therefore ok?
>
> thx in advance
> Martin G.

in my previous incarnation as a java-dude, I'd often mix GET params
inside a POST request - generally for the purposes of authentication.

Prototype will just see it as part of the URL, and Rails is likely
parsing it wholesale into params.

Jodi
This topic is locked and can not be replied to.