Dar Scott Consulting
dsc at swcp.com
Fri Jul 5 21:13:22 EDT 2019
And an aside. Off topic.
I guess I am old-school. I know it is the fad, but using DELETE to logout seems goofy. Yeah, you can make a URL that looks like a session and you are deleting the session. But it seems that is like using HEAD to indicate what direction you are going or OPTIONS to set up options.
I know. I'm a cranky curmudgeon. I survive by recognizing that this is no longer HTTP, but a wolf in sheep's clothing to get past firewalls, a whole new protocol where we make it up as we go.
Now, given that, and I join the 21st century, DELETE returns a status code and an optional content. The status code is normally 204 (but maybe 205, which might be appropriate for log out) when no content is returned or 200 if content is returned. If the item is not there, the same applies, but perhaps 404 or 410 can also apply. If DELETE is used to mean logout, then the session is permanently gone and 410 on a repeat is appropriate. A 303 is OK (content is URL), but is probably handled by the underlying library.
Now, for proper symmetry, if DELETE is used to log out, then PUT must be used to log in. Both are idempotent, so logging in multiple times should be OK and logging out multiple times should be OK. That is, a login returns 200 and a logout returns 204. Every time.
I have not seen it implemented that way. We play the hands we are dealt.
> On Jul 5, 2019, at 4:23 PM, J. Landman Gay via use-livecode <use-livecode at lists.runrev.com> wrote:
> The server lady wants it that way. I create signed AWS URLs that are secure and which access her APIs. So far we've only used POST, PUT, and GET. Now we've added a "log out" function and I'm supposed to send the URL with DELETE. She is floored that I can't do that:
> "I can change it if you really don’t have DELETE, but I would find it surprising. If you do have it, I’d prefer to keep it as DELETE since it makes the most sense for the action."
> Then she suggests using cURL but that won't work on mobile where we can't use shell.
> I wouldn't know where to start with tsNetCustom(), but I'll investigate. Suggestions welcome, provided it works on mobile.
> On 7/5/19 3:30 PM, Dar Scott Consulting via use-livecode wrote:
>> Testing DELETE is scary. Consider httpstat.us <http://httpstat.us/>, httpbin.org <http://httpbin.org/> or others for safe testing.
>> I haven't tested, but I'd think that 'delete URL "http://www.example.com/oldthings.txt <http://www.example.com/oldthings.txt>"' should work.
>> You might need to pass along some auth:
>> delete URL "http://badwolf:email@example.com/secretthings.txt <http://badwolf:firstname.lastname@example.org/secretthings.txt>"
>> If not, you can directly use TCP. It is as easy as a simple GET. It is as hard as figuring out simple HTTP.
>> Or consider tsNetCustom() and use "DELETE" as the request.
>> Dar Scott
>>> On Jul 5, 2019, at 1:55 PM, J. Landman Gay via use-livecode <use-livecode at lists.runrev.com> wrote:
>>> I need to send a DELETE to a server. I only know of PUT, GET, and POST options. Does tsNet support DELETE? If not, how would I do that?
>>> Jacqueline Landman Gay | jacque at hyperactivesw.com
>>> HyperActive Software | http://www.hyperactivesw.com
> Jacqueline Landman Gay | jacque at hyperactivesw.com
> HyperActive Software | http://www.hyperactivesw.com
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
More information about the Use-livecode