Peter Karman wrote on 1/20/08 7:53 PM:
Aristotle Pagaltzis wrote on 1/20/08 7:36 PM:
* Peter Karman <[EMAIL PROTECTED]> [2008-01-20 22:10]:
there's no checking of HTTP method at all.
Yikes!!
<img src="http://example.org/foo/id/42/delete">
I actually consider that a feature, since it seems legit to me that a GET could
act on an object. That's not REST, but RPC, as you indicated. In my apps, I do
server-side auth checks to verify that users can't act on data they should not
have access to. Then again, all my apps use POST to delete too. :)
That said, I did enable a method-check in v0.23 with a configuration option to
turn it off.
That API is intentionally RESTish
It’s not REST if it ignores the uniform interface – it’s RPCish.
URI design is completely orthogonal to REST.
you are right of course.
/me adds CatalystX::CRUD::REST to todo list...
/me crosses item off list
http://search.cpan.org/~karman/CatalystX-CRUD-0.23/lib/CatalystX/CRUD/REST.pm
Thanks, Aristotle, for pointing out my naive understanding of REST. This thread
helped me write the API in the module above.
Comments, suggestions always welcome.
pek
--
Peter Karman . http://peknet.com/ . [EMAIL PROTECTED]
_______________________________________________
List: Catalyst@lists.scsys.co.uk
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/
Dev site: http://dev.catalyst.perl.org/