Details
-
Type:
New Feature
-
Status:
Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 2.0-M1
-
Fix Version/s: None
-
Component/s: Controllers
-
Labels:None
Description
Instead of showing a 405 allow something like:
static allowedMethods = [[save: "POST",invalidMethodAction="create"], ... ]
which will redirect to some other action which can serve it's purpose which would be equivalent to: (ref: http://www.grails.org/doc/1.3.7/ref/Controllers/allowedMethods.html)
class PersonController {
def delete = {
if(request.method == 'GET') {
// redirect to the list action
redirect(action:list)
} else {
// the rest of the delete action goes here
}
}
}
Some gotcha's:
- As given in the above example save and create shouldn't be having the same allowed methods
- Case 1: save has "POST" and create has "POST". save pushes the get request to create and create shows a 405
- Case 2: save has suppose invalidMethodAction = create and create has invalidMethodAction = save. You'll experience a stackoverflow.
Activity
Burt Beckwith
made changes -
| Field | Original Value | New Value |
|---|---|---|
| Workflow | Grails2 [ 69879 ] | jira [ 75919 ] |
Burt Beckwith
made changes -
| Workflow | jira [ 75919 ] | Grails2 [ 84659 ] |
Peter Ledbrook
made changes -
| Last Reviewed | 01/Jan/10 |
Peter Ledbrook
made changes -
| Workflow | Grails2 [ 84659 ] | jira [ 93094 ] |
Peter Ledbrook
made changes -
| Workflow | jira [ 93094 ] | Grails2 [ 101262 ] |
The nature of this request is good since it encourages user-friendly (or at least useful) error handling, but in the case of sending the wrong HTTP method to the wrong URL, I don't think this has any tangible benefits.
If you are really in the scenario where HTTP methods matter, you are likely mapping the HTTP methods to the actions, rather than the URLs to the actions, making it hard to send the wrong HTTP verb to the actions in the first place.
The only time I could see this being advantageous, however, is if you are doing both HTML and other responses from the actions and are mapping actions to both HTTP methods as well as URLs. (eg. /Person/1/save and POST / Person/1 map to the same action). In those cases, it would make sense to be able to re-direct GET /Person/1/save/ to /Person/create, but unfortunately the HTTP spec doesn't really have a way to send an error response code and also re-direct the browser. The only way this would happen anyways is if either a.) a hacker was trying to be naughy, or b.) there is an error in the site and the developer needs to fix it.
Because of that, I think just sending a 405 response is fine, and there's no need to make it any smarter.