Follow

my logout route for my web app uses a get request, i want to change it to a post. what's the post way to post to a route from a web page, just make a form with nothing but a submit button?

@haskal this. fucking hate that people shit on javascript when it's literally the only way to make things even semi-functional

@simula holding out for wasm getting actual direct web api calls

@haskal until people start blocking that for similar reasons. god i fucking hate the frontend web. everything should just be a fucking REST api so i can do whatever i want lmao

@simula @haskal why not use CSS to make the button look the same as the rest of the links on the site?

@tindall @haskal i mean i'm definitely going to i just hate that there's so many fucking heisenbugs that are incredibly easy to trigger

i prefer to do things with css instead of js but it's so tempting not to when js is one line and css is,,, many

@simula @haskal yeah

i mean i also do think there's a place for js but it's completely nuts to let random sites run arbitrary code on yr machine lol

@tindall @haskal literally everything these days runs arbitrary code. allowing files to run code the instant they're opened is fucking terrible

everything is bad except plaintext

@simula @haskal ish? html and css are p declarative though

i mean it's the difference between "if there's a parser bug you can cause some heap corruption and rop chain your way to an exploit" and "literal immediate rce by design" i guess

@tindall @haskal sure but my browser is fine running js without interaction, and changing that is a pain in the ass. reading straight html is also a bitch and a hald

literally every big document format i can think of has immediate rce by design

@simula @haskal html + css doesn't though? like, my site with js disabled is almost identical to my site with js enabled, you only miss out on syntax highlighting

@tindall @haskal your site, maybe

every big site out there breaks the second you disable js tho

@simula absolutely! i'm not saying _you_ should disable js in your browser, just that it's not great to _make_ one of those sites that breaks when js is off lol

@tindall oh definitely. unfortunately, making a decent interactive site that works with and without js is awful

@simula @tindall @haskal (also that sounds like a really bad rule of thumb I have some very bad opinions)

@wxcafe lol dw
i disagree with you quite a bit on a few things, but you've always been super nice about our disagreements c:

i think everyone has a ton of bad ideas tbh

@simula you can probably do some cursed crappy workaround using <a>'s ping attribute if you want an alternate solution that doesn't use javascript but I imagine it's gonna be ugly

@simula From MDN: "ping: A space-separated list of URLs. When the link is followed, the browser will send POST requests with the body PING to the URLs. Typically for tracking."

developer.mozilla.org/en-US/do

@amandag oh
oh no
oooohhhhhhh noooooooooooo

oh i hate this soooooooo much lmao

there's an issue though. the reason to use POST in this situation is to avoid issues caused by browser prefetching. when a browser prefetches a link or a crawler hits that a tag, will it still send the ping?

@simula I haven't used it in practice so I don't actually know, but my gut tells me that shouldn't be the case.

Also, this is just me spitballing, but if that's the problem you're trying to avoid, shouldn't just not putting the link to the logout page in the document unless you're signed in be satisfactory? If not, would making the user id part of the logout link and then just ignoring it once it hits backend work?

@amandag still an issue with browser prefetching

i do my best to make sure user ids are *never* transported to any part of the frontend. that's a data leak i Do Not Want lmao

honestly it's probably best to just use css to style the button.

Sign in to participate in the conversation
Cybrespace

Cybrespace is an instance of Mastodon, a social network based on open web protocols and free, open-source software. It is decentralized like e-mail.