Return-Path: Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: (qmail 57775 invoked from network); 14 Oct 2009 18:15:21 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 14 Oct 2009 18:15:21 -0000 Received: (qmail 14670 invoked by uid 500); 14 Oct 2009 18:15:21 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 14566 invoked by uid 500); 14 Oct 2009 18:15:20 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 14556 invoked by uid 99); 14 Oct 2009 18:15:20 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 14 Oct 2009 18:15:20 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of mikeal.rogers@gmail.com designates 209.85.221.203 as permitted sender) Received: from [209.85.221.203] (HELO mail-qy0-f203.google.com) (209.85.221.203) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 14 Oct 2009 18:15:12 +0000 Received: by qyk42 with SMTP id 42so36006qyk.28 for ; Wed, 14 Oct 2009 11:14:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=kVXPcdDGLBugq8vn6lW0H+653YrMNCif4Ls3VE7ybyw=; b=MM2PjunWsDB6VCax4a5eEz/D6KHPoX6oQYMfpKNaQDM6Tlotwu1FA5XaYIj6yHhQyR PeMYhK3q7T2y3McaCiMxbk9sEtNG+16fjsxxsnC3B9LfMDZbrXhTQfDIQPa976SwdQK+ iXVycBY3AwQ2IBD/UrYDFULw5FXoLoFt/CeEs= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=NA3pLxUakZTbAmJxGadjVeAa+/m4qlk5TKYs1ols5DWDR3rLNePucSmP09u5n3s0Qq 4fWp1QBbqT/NmlRLaRo9wL0DdVruOqfNgLPnip3Q8OSWd81gyiDBs7cm7MV/u76AH4Qd v8hsW+LbJ+6g8DX0KFZzJH4mWbqMd4Qw8ckXI= MIME-Version: 1.0 Received: by 10.224.54.206 with SMTP id r14mr7342221qag.204.1255544091395; Wed, 14 Oct 2009 11:14:51 -0700 (PDT) In-Reply-To: <4AD6148B.5090701@gmx.de> References: <4AD607EB.1020601@gmx.de> <4AD6148B.5090701@gmx.de> Date: Wed, 14 Oct 2009 11:14:51 -0700 Message-ID: <30747dfa0910141114j67acc685sdbfe745cb8f0eb0a@mail.gmail.com> Subject: Re: Standalone CouchDB Applications without Javascript From: Mikeal Rogers To: dev@couchdb.apache.org Content-Type: multipart/alternative; boundary=000feaf10fcc9148690475e92352 X-Virus-Checked: Checked by ClamAV on apache.org --000feaf10fcc9148690475e92352 Content-Type: text/plain; charset=ISO-8859-1 If you did the POST with XHR you could embed the redirect logic in the client code rather than in the server. -Mikeal On Wed, Oct 14, 2009 at 11:12 AM, Sven Helmberger wrote: > Chris Anderson schrieb: > > On Wed, Oct 14, 2009 at 10:18 AM, Sven Helmberger >> wrote: >> >>> Hi! >>> >>> I've been a web architect / developer for some time now and my main focus >>> has been standard-compliant, accessible web applications. One of the >>> points >>> that nag me the most are web applications that only work with javascript >>> enabled without having a clear reason to do so. Stuff like >>> Google Maps gets a free pass from me, but even Google Maps now supports >>> server-side image rendering to enable basic javascript-less use. >>> >>> The js-only property of Standalone CouchDB Applications is what really >>> puts >>> me off about them. Now I've been thinking about what it takes to enable >>> Standalone Applications working without client-side javascript. >>> >>> The recent addition of show and list functions goes a looong way in this >>> direction so that it seems to me that there are two things missing for it >>> to >>> be possible. >>> >>> First would be some kind of _external HTML-Form-Submit-to-CouchDB bridge >>> that takes parameters sent, parses them in some way and constructs a >>> new or changed CouchDB document. >>> >>> e.g. _id=xxx&name=Foo&tag.1=example&tag.2=accessible&sub.field=bar >>> >>> would be converted to >>> { >>> "_id" : "xxx", >>> "name": "Foo", >>> "tag" : ["example","accessible"], >>> "sub" : { >>> "field" : "bar" >>> } >>> } >>> >>> very similar how many webframework do binding into nested object graphs. >>> This is pretty much doable now as first tests seem to prove, with the >>> exception of CouchDB not seeming to support "multipart/form-data" encoded >>> requests. (it thinks binary files are UTF-8 and complains about invalid >>> encoding etc. when nothing in the request says anything about >>> UTF-8) >>> >> >> This should be possible with _update functions. The best documentation >> for these is still the test suite. >> >> The other thing that is missing would be a way to decide to what URL to >>> redirect to after receiving such a form submission, which obviously >>> shouldn't be done by just sending a hidden field with the URL >>> (maybe sign it in some way?) >>> >>> >> I also like the idea of a rewriter. >> >> > you mean like mod_rewrite on apache ? > > That is not really what I meant. > > Suppose you have a show function or a static attachment containing some > form for your app whose action points to the Form/CouchDB-Bridge. > > The question then is what happens after a document is stored/updated > correctly. where to redirect the user to? just back to the form view is not > really something I'd like to see as a standard behaviour. > > So there needs to be some kind of target configuration that can't just come > from the (hidden) form content unless it is signed to ensure that it's > really the application that is sending the user to that URL and not the > user's hacking attempts. > > Regards, > Sven Helmberger > --000feaf10fcc9148690475e92352--