hi, anyone know of any issues using a link_to_remote to change the state of the database? I'm taking about issues with spiders, google accelerator etc. Twitter seems to do it with no problem. Thanks
I'll try to elaborate. I understand its dangerous to have a html link change the state of the database, for example, delete an article. If a spider follows that link, or a tool such as google accelerator follows that link, then the article will be unintentially deleted.
I was wondering if these problems also exist for a link_to_remote link. Twitter uses an ajax link to add or delete searches, and i was wondering why the issues i mention above were not a problem for them.
Generally anything engaged only with JavaScript or using a non-GET method is safe from this sort of thing. Rails also has a special field send with each POST to ensure that the form was generated by the application and not a third-party site.
This is why in Rails 2.x the destroy methods require DELETE to be routed properly. Prior to this there were GET-based destroy calls with a slightly different path and that created the exact problems you are describing.