Wirebird
Forum
Karen Cravens (KarenCravens), Tue Jul 1 2008, 17:30Z

REST anti-patterns

Stefan Tilkov wrote an interesting article listing some REST anti-patterns:
Unfortunately, I make use of a few of these... though not without consideration.
#2: Tunneling everything through POST.
It's more commonly called "overloaded POST," and the problem is, it's still necessary if you support the browser as a REST client. (Decreasingly so, but still.) PUT and DELETE are not predictably, reliably supported.
Of course, Wirebird is perfectly happy to accept a real PUT or DELETE, so maybe that doesn't count. It still follows the idempotency rule, so a fully-compliant client could use a PUT confidently without having to put its trust in a mere overloaded-POST with a "method" parm set to "put".
#4: Ignoring status codes.
Purity yields to pragmatism again. Wirebird used to issue a full suite of error codes, until I realized that comment spammer robots don't recognize them. Only a 404 or 403 makes (some of) them stop hammering on forms. So the real errors are commented out, or it issues mutant things like "404 409 Conflict" and such. This makes me grumpy ("oh look, yet another perfectly useful Internet feature ruined by spammers"), but as the debug levels get turned down and performance improves, I'll probably turn the real status codes back on, and focus more on blacklisting griefers. Or maybe I'll just be more proactive and buy a sniper rifle.
#5: Misusing cookies.
Only a little. The authentication cookie, while it's called a session id, *only* holds a session ID... at the moment, essentially a temporary password. There again, that's because not very many browsers can handle authentication well. Eventually, for smarter browsers and other clients, there will be a proper authen protocol, and the form-based cookie stuff will be a fallback only. I don't think it'll be a really serious matter until Wirebird is less obscure; right now there's no real value in hacking someone's account, especially as long as we accept mailing-list posts. (Want to spam a mailing list? Just forge the email address of one of its authorized senders. No password required.)
On the plus side, I'm feeling relatively good about how I handle the other five anti-patterns.
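
Added example, not part of the original post and not Wirebird's code: one way a server can accept the overloaded POST described under #2 while still treating a real PUT or DELETE identically. The `method` field name comes from the post; the `body` field, the function names and the dict used as a resource store are assumptions made for illustration.

```python
OVERRIDABLE = {"PUT", "DELETE"}  # the only verbs a browser form may tunnel


def effective_method(request_method, form):
    """Return the verb to dispatch on, honouring the "method" parm only on POST."""
    real = request_method.upper()
    if real != "POST":
        # A GET carrying method=delete stays a GET, so a followed link
        # or a crawler can never change state through the override.
        return real
    override = form.get("method")
    if override is None:
        return "POST"
    wanted = override.strip().upper()
    if wanted not in OVERRIDABLE:
        raise ValueError(f"unsupported method override: {override!r}")
    return wanted


def handle(store, request_method, path, form):
    """Dispatch against a dict standing in for the resource store; return a status."""
    try:
        verb = effective_method(request_method, form)
    except ValueError:
        return 400
    if verb == "GET":
        return 200 if path in store else 404
    if verb == "PUT":
        # Idempotent: repeating the same PUT leaves the same state behind.
        created = path not in store
        store[path] = form.get("body", "")
        return 201 if created else 200
    if verb == "DELETE":
        # Idempotent: deleting an absent resource is not an error.
        store.pop(path, None)
        return 204
    return 405  # plain POST to an item URL is not defined in this sketch
```
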
Karen Cravens (KarenCravens), Mon Aug 20 2007, 23:47Z

Inlining forms!

"display: inline" was the property I was looking for in my first post here. I had somehow decided to try inline-block (no, I don't know why) and concluded that that approach didn't work with forms.

I still don't have it displaying with underline ("text-decoration: underline" isn't triggered, apparently), and I still have some issues with horizontal spacing in IE, but at least it's inlining everything.

Of course, even inline there's actually not enough space on the post footer for all the options, but that's a different issue.

Karen Cravens (KarenCravens), Sat Aug 18 2007, 21:35Z

Put/Delete not fully functional

A little bird told me that PUT and DELETE aren't fully/reliably supported in all browsers, even in JavaScript. This is news to me (and I don't know what "quirks" come up), and makes me sad since I don't plan to write any Wirebird client apps outside of the browser (or Thunderbird, I suppose).

Of course, by the time Wirebird's done, it probably *will* be supported.

Karen Cravens (KarenCravens), Wed Aug 8 2007, 13:56Z

Form validation

Not strictly REST, but I had to say something:

http://letmehaveblog.blogspot.com/2007/08/easy-client-side-web-forms-validations.html

The jQuery.YAV plugin accepts my usual personal email address, unlike about 90% of the form-validators out there. Huzzah!

Yes, validating email is black magic. No, being too restrictive is not better than being too permissive (at least if you want *me* to buy from your online store). Yes, a "+" is legal in the localpart of an address. No, I will not get a Yahoo email address just to buy from you.
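
Added example, not part of the original post and not the jQuery.YAV plugin's code: a permissive address check built on the RFC 5322 "atext" character set, next to a constructed over-strict pattern of the kind the post complains about. It covers only unquoted (dot-atom) local parts and requires a dotted domain, both of which are simplifying assumptions; the sample addresses are constructed.

```python
import re

# Constructed example of an over-strict pattern: no "+" in the local part,
# and a top-level domain limited to 2-4 letters.
STRICT_RE = re.compile(r"[A-Za-z0-9._]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}\Z")

# RFC 5322 "atext": every character allowed in an unquoted local part.
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
LOCAL_RE = re.compile(rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*\Z")
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\Z")


def strict_accepts(address):
    """What the over-strict pattern lets through."""
    return STRICT_RE.match(address) is not None


def is_plausible_email(address):
    """Syntax check only; deliverability is proven by sending a confirmation mail."""
    # Split on the last "@" so a stray "@" ends up in the local part and is rejected.
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return False
    if len(local) > 64 or len(domain) > 255:  # RFC 5321 length limits
        return False
    if not LOCAL_RE.match(local):  # rejects leading, trailing and doubled dots
        return False
    labels = domain.split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(label) for label in labels)
```
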

Karen Cravens (KarenCravens), Sat Aug 4 2007, 19:11Z

RESTful HTML (and CSS)

I find myself asking HTML questions in the REST mailing list, which is probably not terribly appropriate. But I'm discovering my HTML knowledge is not exactly standards-compliant, in large part because my past HTML work has been fairly static.

I'm also slightly more constrained than a lot of REST programmers, with my self-imposed restrictions of "usable by dumb browser," which means not using JavaScript to "cheat" (until later).

So I'm faced with things like using forms instead of links (because the browser can't do a POST/PUT/DELETE with a link), which means sometimes figuring out how to put a "naked" submit button out there, and (here's the hard part) fit it into the layout of a page. So far as I can tell, forms are unavoidably block-level critters, which means they stubbornly want to be on a line by themselves. This means using float:left to get a row of them and (as can currently be seen in the mailbox mark (un)read buttons) sometimes they still won't properly stay on the baseline.

As I run across workarounds, or figure them out myself, I'll put them here. Also, though I haven't gotten Wirebird in a repository yet, it's open source (Creative Commons Attribution-ShareAlike, though I'll probably also GPL and Artistic it as well) so you can swipe any bits of HTML, CSS, or JS that you find handy (that isn't otherwise noted in the comments as belonging to someone else, at least).