Could eZ be used without GET?

Author Message

Felipe Jaramillo

Thursday 20 October 2005 2:00:40 pm

Hi,

We received a RFP from a former client and in the requirements they state that throughout the site no parameters can be passed using GET, or using URL analysis. All parameters must be passed using POST.

This is a very unusual requirement, and it's non-negotiable so I was wondering if eZ could be adapted to comply with this.

Thanks,

Felipe

Felipe Jaramillo
eZ Certified Extension Developer
http://www.aplyca.com | Bogotá, Colombia

Marko Žmak

Thursday 20 October 2005 3:23:09 pm

I think that using GET or POST methods doesn't really depend on eZ but on your browser. Usually for clicking on links the GET method is used, and for sending forms (unless specified otherwise) the POST method is used.

Practically you could make all your site navigation (where some parameters are required) through buttons in froms instead of links, and then fetch the parameter by using the ezhttp() operator.

So it is possible, but it could be a real pain in the ass...

If someone has a better idea, please suggest.

--
Nothing is impossible. Not if you can imagine it!

Hubert Farnsworth

Xavier Dutoit

Friday 21 October 2005 3:46:31 am

You mean all the actions have to be done using post ? THat's the case with ez.

If the requirement is also for the browsing of the site, that's plain stupid, as typing http://thesite.com is going to be a get anyway.

X+

http://www.sydesy.com

Frederik Holljen

Friday 21 October 2005 4:53:00 am

Can you say something about the reason for this requirement? I can't see any reason why you would want a site with no GETs at all.

Felipe Jaramillo

Friday 21 October 2005 7:54:10 am

Thanks for the answers guys.

I was also very surprised about this, asked for clarification and generally did my best to avoid calling it for what it appears: plain stupid ;)

Xavier: what they seem concerned is about passing parameters and using parameters through GET, although it's a good point to note that all accesses are using GET in some way or another.

Frank: The restriction seemed to have come from the security department and applies to all the solution, ie. admin area, site, etc.

Marko: My first thought was to use a lot of forms with image buttons. To use links inside the text one could just use javascript to trigger the submit of the form.

In general, a real pain in the behind.

Thanks again,
Felipe

Felipe Jaramillo
eZ Certified Extension Developer
http://www.aplyca.com | Bogotá, Colombia

Marko Žmak

Friday 21 October 2005 11:04:12 am

Now that I think, there is a way to descrease the pain this problem could cause in the behind. You caould make a template, let's say stupid_link.tpl which generates a FORM and a link in it with javascript that submits the form. And then everywhere when you want to put a link in the site you use theis template with approprite parameters. This should'nt be so hard to use, actually for some of my sites I do display links using a special templates, when I want all the links to bi generated in the same way. You should only adapt this principle to your case.

--
Nothing is impossible. Not if you can imagine it!

Hubert Farnsworth

Frederik Holljen

Sunday 23 October 2005 11:08:11 am

If the problem lies only in parameters and not in GET requests in general eZ publish should be pretty well suited. AFAIK we only use GET for the search right now. Other than that we use POST.

I'd like to speak to the guys in their security department though :)

Marko Žmak

Sunday 23 October 2005 2:50:52 pm

Yep, but sometimes users who make eZ sites maybe want to pass some additional parameters in the URL to their templates. And for that they sometimes need GET.

--
Nothing is impossible. Not if you can imagine it!

Hubert Farnsworth

Frederik Holljen

Monday 24 October 2005 12:32:34 am

Yeah, you would have to restrain yourself then :)

Felipe Jaramillo

Tuesday 25 October 2005 9:38:40 am

Thanks for the input guys.

I suspect that the security department must have a CMS in mind that does this by default.

Looking at the Typo3 demo site (http://demo.typo3.org) I noticed it generates static .html files, meaning no GET parameters are passed. Anyone know if Typo3 would work?

Even with your valuable suggestions, making eZ comply would mean editing a lot of admin and site templates and in general means it's a pain to set up.

Thanks again,
Felipe

Felipe Jaramillo
eZ Certified Extension Developer
http://www.aplyca.com | Bogotá, Colombia

Alexandre Abric

Wednesday 26 October 2005 12:51:05 am

Well, eZ can also generate static HTML files ...

Powered by eZ Publish™ CMS Open Source Web Content Management. Copyright © 1999-2014 eZ Systems AS (except where otherwise noted). All rights reserved.