[Catalyst] how to confirm before deleting

Toby Corkindale toby.corkindale at strategicdata.com.au
Thu Jan 22 06:41:16 GMT 2009

Trevor Phillips wrote:
> On Thu, Jan 22, 2009 at 3:12 PM, Toby Corkindale
> <toby.corkindale at strategicdata.com.au> wrote:
>> But what happens when your site gets spidered by a search engine, that
>> follows all links?
>> Whoops.
>> There's a good reason state-modification-actions should be POST (or rather,
>> non-GET, if you want to go with PUT, DELETE, etc)
> Surely such an action would be behind some form of authentication,
> ergo blocking any random web crawler? An app that allowed you to
> delete records with no security checks has bigger issues. ^_^

Yeah.. can't actually remember what the actions were, but indeed, 'twas 

After posting that, I realised other people had already posted warnings 
about not using GET for state-change anyway.

More information about the Catalyst mailing list