hi, anyone know of any issues using a link_to_remote to change the state of the database? I'm taking about issues with spiders, google accelerator etc. Twitter seems to do it with no problem. Thanks
A:
I'll try to elaborate. I understand its dangerous to have a html link change the state of the database, for example, delete an article. If a spider follows that link, or a tool such as google accelerator follows that link, then the article will be unintentially deleted.
I was wondering if these problems also exist for a link_to_remote link. Twitter uses an ajax link to add or delete searches, and i was wondering why the issues i mention above were not a problem for them.
Jon
2010-03-02 15:52:24
You can always amend your question instead of posting another question as an answer.
tadman
2010-03-02 15:55:26
+1
A:
Generally anything engaged only with JavaScript or using a non-GET method is safe from this sort of thing. Rails also has a special field send with each POST to ensure that the form was generated by the application and not a third-party site.
This is why in Rails 2.x the destroy methods require DELETE to be routed properly. Prior to this there were GET-based destroy calls with a slightly different path and that created the exact problems you are describing.
tadman
2010-03-02 15:55:01