Grails
  1. Grails
  2. GRAILS-7941

If the allowed method is POST/GET introduce a variable to redirect to it some action

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 2.0-M1
    • Fix Version/s: None
    • Component/s: Controllers
    • Labels:
      None

      Description

      Instead of showing a 405 allow something like:

      static allowedMethods = [[save: "POST",invalidMethodAction="create"], ... ]
      

      which will redirect to some other action which can serve it's purpose which would be equivalent to: (ref: http://www.grails.org/doc/1.3.7/ref/Controllers/allowedMethods.html)

      class PersonController {
        def delete = {
          if(request.method == 'GET') {
            // redirect to the list action
            redirect(action:list)
          } else {
            // the rest of the delete action goes here
          }
        }
      }
      

      Some gotcha's:

      • As given in the above example save and create shouldn't be having the same allowed methods
        • Case 1: save has "POST" and create has "POST". save pushes the get request to create and create shows a 405
        • Case 2: save has suppose invalidMethodAction = create and create has invalidMethodAction = save. You'll experience a stackoverflow.

        Activity

        Hide
        cdeszaq added a comment -

        The nature of this request is good since it encourages user-friendly (or at least useful) error handling, but in the case of sending the wrong HTTP method to the wrong URL, I don't think this has any tangible benefits.

        If you are really in the scenario where HTTP methods matter, you are likely mapping the HTTP methods to the actions, rather than the URLs to the actions, making it hard to send the wrong HTTP verb to the actions in the first place.

        The only time I could see this being advantageous, however, is if you are doing both HTML and other responses from the actions and are mapping actions to both HTTP methods as well as URLs. (eg. /Person/1/save and POST / Person/1 map to the same action). In those cases, it would make sense to be able to re-direct GET /Person/1/save/ to /Person/create, but unfortunately the HTTP spec doesn't really have a way to send an error response code and also re-direct the browser. The only way this would happen anyways is if either a.) a hacker was trying to be naughy, or b.) there is an error in the site and the developer needs to fix it.

        Because of that, I think just sending a 405 response is fine, and there's no need to make it any smarter.

        Show
        cdeszaq added a comment - The nature of this request is good since it encourages user-friendly (or at least useful) error handling, but in the case of sending the wrong HTTP method to the wrong URL, I don't think this has any tangible benefits. If you are really in the scenario where HTTP methods matter, you are likely mapping the HTTP methods to the actions, rather than the URLs to the actions, making it hard to send the wrong HTTP verb to the actions in the first place. The only time I could see this being advantageous, however, is if you are doing both HTML and other responses from the actions and are mapping actions to both HTTP methods as well as URLs. (eg. /Person/1/save and POST / Person/1 map to the same action). In those cases, it would make sense to be able to re-direct GET /Person/1/save/ to /Person/create, but unfortunately the HTTP spec doesn't really have a way to send an error response code and also re-direct the browser. The only way this would happen anyways is if either a.) a hacker was trying to be naughy, or b.) there is an error in the site and the developer needs to fix it. Because of that, I think just sending a 405 response is fine, and there's no need to make it any smarter.
        Hide
        Peter Ledbrook added a comment -

        If you are disallowing methods for a particular URL, you should be returning 405s for invalid ones. I don't really understand the reasoning behind the request.

        Show
        Peter Ledbrook added a comment - If you are disallowing methods for a particular URL, you should be returning 405s for invalid ones. I don't really understand the reasoning behind the request.
        Hide
        Jeff Scott Brown added a comment -

        I don't think this request makes sense. 405 seems like the right thing to do for requests with an invalid request method. If you would care to discuss further, please send a note to the grails user mailing list.

        Thanks for the feedback.

        Show
        Jeff Scott Brown added a comment - I don't think this request makes sense. 405 seems like the right thing to do for requests with an invalid request method. If you would care to discuss further, please send a note to the grails user mailing list. Thanks for the feedback.

          People

          • Assignee:
            Jeff Scott Brown
            Reporter:
            Raviteja
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Last Reviewed:

              Development