tgext.routes changes
Mads Kiilerich
mads at kiilerich.com
Tue May 3 18:25:46 UTC 2016
On 05/03/2016 03:13 PM, Søren Løvborg wrote:
> Considering that method overrides are designed specifically to
> accommodate HTML forms, we could pull the CSRF token out of the POST
> request body and stuff it into a header as part of the override
> process. But at that point, it just feels like we're digging ourselves
> in even deeper. A saner approach would be to phase out method
> overrides altogether, and just let POST requests be POST requests.
> (Add an "action" argument or similar as needed, but leave that to the
> controller, and keep it out of routing and security checks.)
It seems like that would be a general refactoring and code improvement
that could be done on the default branch and pave the way for the TG
migration?
I think it would be nice to have more of those ... or to use the
modularity of TG to migrate to TG module by module - for example
perhapsly by switching from paster to to gearbox or by changing the
routing mechanism or adding a new State of the TG Art RESTish web
services API.
/Mads
More information about the kallithea-general
mailing list