[cgiapp] REST tunneling in CGI::Application::Dispatch

Timothy Appnel tim at appnel.com
Wed May 11 12:02:53 EDT 2011 

Forwarded message:
From: Timothy Appnel <tim at appnel.com>
> To: CGI Application <cgiapp at lists.openlib.org>
> Date: Tuesday, May 10, 2011 2:38:03 PM
> Subject: REST tunneling in CGI::Application::Dispatch
> 
>  I've started a branch to implement REST tunneling in CGI::Application::Dispatch and wanted to post it here for some comment while its still in progress.
> 
> Here is the issue as described in RESTful Web Services book: http://is.gd/8PSPLE
> > Not all clients support HTTP PUT and DELETE. The action of an XHTML 4 form can only be GET or POST, and this had made a lot of people think that PUT and DELETE aren't real HTTP methods. Some firewalls block HTTP PUT and DELETE but not POST. If the server supports it, a client can get around these limitations by tunneling PUT and DELETE requests through overloaded POST. There's no reason these techniques can't work with other HTTP actions like HEAD, but PUT and DELETE are the most common.What I've started implementing is essentially this:
> > I recommend a tunneling technique pioneered by today's most RESTful web frameworks: include the "real" HTTP method in the query string. Ruby on Rails defines a hidden form field called '_method' which references the "real" HTTP method."
> 
> I've implemented a new boolean parameter auto_rest_tunneling that when true, will get its "real" HTTP method from the '_method' if one exists.
> 
> To do that was a bit tricky though because at the spot where the run mode is determined, the application class has not been instantiated to read that parameter with its designated CGI object.
> 
> I was trying to keep my changes to a minimum so I settled on creating a subroutine that mode_param can use to complete the tunneling if dispatch detects a possible REST tunneling situation. This REST tunneling routine is passed on to the private _run_app method where I had to add a bit of logic so that routine doesn't build the generic
> mode_param subroutine over top of it.
> 
> Besides getting some general feedback I had one specific question to where I'm at here:
> https://github.com/tima/CGI--Application--Dispatch/commit/1e906a01f9470b3b15894e4c77e10c0e8468c86b
> 
> [BTW: I sent this message to Mike and Mark in advance. Mark requested links to other implementations which I provided in the commit notes.]
> 
> In line 705 (was line 690) of my addition there is a check for illegal characters in the run mode. This doesn't work when REST tunneling is being used so I added the logic to skip that.
> 
> Is that going to be a problem? I was thinking of moving that logic out of _run_app and ahead of auto_rest functions in the dispatch sub. Perhaps I missing a case where that is necessary. If I can make that move and not break anything the mode_param sub routine generation could be consolidated in to the dispatch method also.
> 
> Enough from me. Thoughts?
> 
> <tim/>
> 
> --
> Timothy Appnel
> Principal, The Appnel Group, http://appnel.com/
> Director, Open Melody Software Group, http://openmelody.org
> > 
> 
> 
> 
> 
> 
> 
>

More information about the cgiapp mailing list