steampixel / simplePHPRouter

This is a simple and small single-class PHP router that can handle the whole URL routing for your project.
MIT License
406 stars 117 forks

Update Route.php #61

Status: Closed (unikoca closed 2 years ago)

unikoca commented 2 years ago

Removing the default value to $method so the add() method is working like expected. Now we must explicitly add to the array what we expect to allow ($_GET/$_POST/etc) while declaring the route.

ibnsultan commented 2 years ago

I think a default method GET was put there for a purpose, and if one does not want the GET method for the route they can specify another method of their choosing, so there was no need to remove it.

unikoca commented 2 years ago

> I think a default method GET was put there for a purpose, and if one does not want the GET method for the route they can specify another method of their choosing, so there was no need to remove it.

When you set up the Route::add() singleton and put the extra array|string at the end without the 'get' string, you'll see that the $_GET request is still passing through. Example:

```php
Route::add('/([a-z-0-9-]*)', function ($slug) {
    $response = controllerPublic::index($slug);
    print_r($_GET);
}, ['post']);
```

The extra parameter (in my example, the ['post'] array) should logically accept only the $_POST array in the function. The way I see it, it's extra security while generating the page... for example, if we don't set the third parameter, we shouldn't accept anything. I may be missing something, but I did my test before doing a pull request and it's working like it should be... from my point of view.

steampixel commented 2 years ago

@unikoca Sorry for this late answer. I am back from my holidays now :-) The superglobal variables $_GET and $_POST are not an indicator for the HTTP verb. For example, you can have a query string and post data to an endpoint at the same time. So you can post data to https://mydomain.com/api?key=foo&action=bar and PHP will then populate both variables. If you are concerned about the contents of $_GET, just override it with $_GET = [];

unikoca commented 2 years ago

> @unikoca Sorry for this late answer. I am back from my holidays now :-) The superglobal variables $_GET and $_POST are not an indicator for the HTTP verb. For example, you can have a query string and post data to an endpoint at the same time. So you can post data to https://mydomain.com/api?key=foo&action=bar and PHP will then populate both variables. If you are concerned about the contents of $_GET, just override it with $_GET = [];

That makes sense then. I'll add this option in my controller then.

What made me think the third parameter was the actual $_GET/$_POST is that the $_POST is rejected when setting it to only ['get'] instead of ['get','post'].

steampixel commented 2 years ago

> What made me think the third parameter was the actual $_GET/$_POST is that the $_POST is rejected when setting it to only ['get'] instead of ['get','post'].

This behavior is not part of this router. This is an HTTP and PHP default behavior. Normally an HTTP GET request will not send data inside its header. So PHP will not and cannot populate $_POST if it receives a GET request. That's all. No magic. This router will not touch the $_GET, $_POST or $_REQUEST variables.
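
The point discussed in this thread, as an added example that is not part of the pull request or the router's own code: a POST to a URL with a query string fills both `$_GET` and `$_POST`, so a route's method allow-list has to be checked against the request verb rather than against which superglobal holds data. `simulateRequest()` and `methodAllowed()` are hypothetical helpers, and the sample requests are constructed.

```php
<?php
// Added example: models how PHP fills $_GET/$_POST for a request, to show
// that the superglobals do not identify the HTTP verb.
// simulateRequest() and methodAllowed() are hypothetical helper names.

/** Build the values PHP would expose for a request with a form-encoded body. */
function simulateRequest(string $method, string $uri, string $body = ''): array
{
    $get = $post = [];
    // The query string is parsed into $_GET for every verb.
    parse_str((string) parse_url($uri, PHP_URL_QUERY), $get);
    // PHP fills $_POST only for POST requests with a form content type.
    if (strtoupper($method) === 'POST') {
        parse_str($body, $post);
    }
    return ['method' => strtoupper($method), 'get' => $get, 'post' => $post];
}

/** Verb check: compare the request method against the route's allow-list. */
function methodAllowed(string $requestMethod, $allowed): bool
{
    $allowed = array_map('strtoupper', (array) $allowed);
    return in_array(strtoupper($requestMethod), $allowed, true);
}

// Constructed sample requests: [verb, URI, form-encoded body].
$samples = [
    ['POST', '/api?key=foo&action=bar', 'name=alice'],
    ['GET',  '/api?key=foo&action=bar', ''],
];

foreach ($samples as [$method, $uri, $body]) {
    $req = simulateRequest($method, $uri, $body);
    printf(
        "%-4s %s  get=%s post=%s  allowed by ['post']: %s\n",
        $req['method'],
        $uri,
        json_encode($req['get']),
        json_encode($req['post']),
        methodAllowed($req['method'], ['post']) ? 'yes' : 'no'
    );
    // A handler that must ignore the query string can drop it explicitly,
    // as suggested in the thread: $_GET = [];
}
```

In a live request the verb is available as `$_SERVER['REQUEST_METHOD']`; the POST sample shows a non-empty `get` array even though the route allows only `post`.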