how to convert a click to a button to a post
100 views
Skip to first unread message
Marco Staffoli
Mar 7, 2018, 9:18:59 AM3/7/18
to unpoly
Hi
how can I replicate the intercooler "ic-post-to" action?
thanks
Marco
Henning Koch
Mar 7, 2018, 9:43:40 AM3/7/18
to unp...@googlegroups.com
Hi Marco,
This is a vanilla GET link:
<a href="/foo">Go</a>
To make Unpoly fetch the link via AJAX, use as [up-follow] or
[up-target] attribute:
<a href="/foo" up-follow>Go</a>
To request with POST instead of GET, use the [up-method] attribute:
<a href="/foo" up-follow up-method="post">Go</a>
To make the link look like a button, use a CSS class.
You can look up documentation for all [up-*] attributes on
https://unpoly.com/ .
Best regards
Henning
> --
> You received this message because you are subscribed to the Google
> Groups "unpoly" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to unpoly+un...@googlegroups.com
> <mailto:unpoly+un...@googlegroups.com>.
> To post to this group, send email to unp...@googlegroups.com
> <mailto:unp...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/unpoly/d1035d6c-8875-403b-96d0-6bc90e22df7b%40googlegroups.com
> <https://groups.google.com/d/msgid/unpoly/d1035d6c-8875-403b-96d0-6bc90e22df7b%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
This is a vanilla GET link:
<a href="/foo">Go</a>
To make Unpoly fetch the link via AJAX, use as [up-follow] or
[up-target] attribute:
<a href="/foo" up-follow>Go</a>
To request with POST instead of GET, use the [up-method] attribute:
<a href="/foo" up-follow up-method="post">Go</a>
To make the link look like a button, use a CSS class.
You can look up documentation for all [up-*] attributes on
https://unpoly.com/ .
Best regards
Henning
> You received this message because you are subscribed to the Google
> Groups "unpoly" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to unpoly+un...@googlegroups.com
> <mailto:unpoly+un...@googlegroups.com>.
> To post to this group, send email to unp...@googlegroups.com
> <mailto:unp...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/unpoly/d1035d6c-8875-403b-96d0-6bc90e22df7b%40googlegroups.com
> <https://groups.google.com/d/msgid/unpoly/d1035d6c-8875-403b-96d0-6bc90e22df7b%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit https://groups.google.com/d/optout.
Marco Staffoli
Mar 7, 2018, 10:42:32 AM3/7/18
to unpoly
Thanks!
Marco Staffoli
Mar 7, 2018, 12:04:09 PM3/7/18
to unpoly
I think that link are not the good way to call action that modfy data on the server.
https://softwareengineering.stackexchange.com/questions/188860/why-shouldnt-a-get-request-change-data-on-the-server
Some browser has pluggin that scan and prefetch all link in a page...
Another advangate of button/POST instead of link/GET is the security.
Usualy the backend is protected by a login.
If the user click on a link to a page and he is not logged in (or the session is expired), the requested url is saved and he is redirected to the login page.
https://softwareengineering.stackexchange.com/questions/188860/why-shouldnt-a-get-request-change-data-on-the-server
Some browser has pluggin that scan and prefetch all link in a page...
Another advangate of button/POST instead of link/GET is the security.
Usualy the backend is protected by a login.
If the user click on a link to a page and he is not logged in (or the session is expired), the requested url is saved and he is redirected to the login page.
After the login, the user will be redirected to the requested url.
What happen if I send to that user a link to a page http://admin.mysite.com/Account/DeleteMyAccount ?
If the action is bounded tho POST this type of attack is not possible.
If the action is bounded tho POST this type of attack is not possible.
So, i think that the best solution is to provide a dead simple and specific way to handle action on server like the one provided by intercooler js
<button ic-post-to="/target_url">Click Me!</button>
Adam Daniels
Mar 7, 2018, 12:21:41 PM3/7/18
to unpoly
If you don't respond to the GET request, or if you have a confirmation page on the GET request (which has a form to POST when they confirm), then you won't be affected by the pre-fetch that browsers may or may not do.
If you insist on using a button, you can easily make your own compiler paired with up.follow to simulate Intercooler, tho it's likely not needed.
Henning Koch
Mar 7, 2018, 12:57:08 PM3/7/18
to unp...@googlegroups.com
Nobody is proposing to delete an account in response to a GET request.
Server-side code that changes data should only respond to POST, PUT or
DELETE methods.
We're using JavaScript to make an <a> tag change its method from GET to
POST, the same way that Intercooler.js is using JavaScript to make a
<button> tag behave differently than it usually would.
Best regards
Henning
> <https://groups.google.com/d/msgid/unpoly/a22f0abd-2527-4c4d-88bd-a98e87bd275a%40googlegroups.com?utm_medium=email&utm_source=footer>.
Server-side code that changes data should only respond to POST, PUT or
DELETE methods.
We're using JavaScript to make an <a> tag change its method from GET to
POST, the same way that Intercooler.js is using JavaScript to make a
<button> tag behave differently than it usually would.
Best regards
Henning
> --
> You received this message because you are subscribed to the Google
> Groups "unpoly" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to unpoly+un...@googlegroups.com
> <mailto:unpoly+un...@googlegroups.com>.
> To post to this group, send email to unp...@googlegroups.com
> <mailto:unp...@googlegroups.com>.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/unpoly/a22f0abd-2527-4c4d-88bd-a98e87bd275a%40googlegroups.com
> You received this message because you are subscribed to the Google
> Groups "unpoly" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to unpoly+un...@googlegroups.com
> <mailto:unpoly+un...@googlegroups.com>.
> To post to this group, send email to unp...@googlegroups.com
> <mailto:unp...@googlegroups.com>.
> To view this discussion on the web visit
> <https://groups.google.com/d/msgid/unpoly/a22f0abd-2527-4c4d-88bd-a98e87bd275a%40googlegroups.com?utm_medium=email&utm_source=footer>.
Marco Staffoli
Mar 8, 2018, 4:06:34 AM3/8/18
to unpoly
I think that request a confirmation for each action is not correct: some action is reversible and ask for comfirmation is bad design.
Marco Staffoli
Mar 8, 2018, 4:50:33 AM3/8/18
to unpoly
Thank you Henning
By default I use:
- <a> to handle link to other pages
- <buttons> to handle actions that change data on the server
Making this distinction I can handle browser prefetch pluggin that read the page html to call all the link in the page.
- <buttons> to handle actions that change data on the server
Making this distinction I can handle browser prefetch pluggin that read the page html to call all the link in the page.
In the examples proposed on the tutorial of unpoly the solution to make a post request using up-method='post'
is proposed inside a section that's called "link to a fragment" and the example use a <a> tag
is proposed inside a section that's called "link to a fragment" and the example use a <a> tag
That's not clear for a novice (like me) how to make a post to the server.
For this reason I asked how to do here.
For this reason I asked how to do here.
Marco
Reply all
Reply to author
Forward
0 new messages