* Ronald J Kimball [2010-11-29 18:30]:
> This is for a widget that will be hosted on third party
> websites. The widget will allow users of those sites to
> interact with our content. The widget will be written in
> JavaScript and HTML. The widget will retrieve content and
> submit user interactio
On Fri, Nov 26, 2010 at 3:02 PM, Aristotle Pagaltzis wrote:
> * Ronald J Kimball [2010-11-23 18:00]:
>> REST principles dictate that I use POST, not GET, for these
>> requests. The same-origin policy forces me to use JSONP, which
>> can only make GET requests, not POST. What's the solution?
>
> “
* Ronald J Kimball [2010-11-23 18:00]:
> For what it's worth, the REST methods that I want to expose in
> this way are for posting responses to content. There won't be
> any deletes.
Still, it opens you up to hostile third-party sites injecting
15,000 bogus responses on behalf of a user.
> On Mo
I proposed a solution, the package Resty::Controller::API; example I
sent earlier. Trying to write your controller using
Catalyst::Action::Deserialize is a mistake, as it's not what
Deserialize does.
from
http://search.cpan.org/~bobtfish/Catalyst-Action-REST-0.87/lib/Catalyst/Action/Deserialize.pm
On Mon, Nov 22, 2010 at 3:12 PM, Aristotle Pagaltzis wrote:
> This is really, really, really bad. It’s roughly like modifying
> a file system to be allow file deletion as a side effect of
> opening a file. GET is supposed to be safe, that is, it should be
> free of side effects that the user canno
On Mon, 22 Nov 2010 21:12:26 +0100, Aristotle wrote:
> * Ronald J Kimball [2010-11-22 18:50]:
>> I want to convert a GET request to a POST request, inside my
>> Catalyst app, before dispatching happens.
[...]
> This is really, really, really bad.
[...]
So, what solution do you recommend instea
* Ronald J Kimball [2010-11-22 18:50]:
> I want to convert a GET request to a POST request, inside my
> Catalyst app, before dispatching happens. For example, I want
> to take a request like:
>
> GET /foo?method=POST&body={"foo":1}&content-type=text/javascript
>
> and convert it into a request lik