Issues using a link_to_remote to change the state of the database?

anyone know of any issues using a link_to_remote to change the state of the database? I'm taking about issues with spiders, google accelerator etc. Twitter seems to do it with no problem. Thanks

Solution

Generally anything engaged only with JavaScript or using a non-GET method is safe from this sort of thing. Rails also has a special field send with each POST to ensure that the form was generated by the application and not a third-party site.

This is why in Rails 2.x the destroy methods require DELETE to be routed properly. Prior to this there were GET-based destroy calls with a slightly different path and that created the exact problems you are describing.

Using a temp PostgreSQL table in a connection from pgbouncer pool
Ruby 3.0.2 installation build fails with "error: 'maybe_unused' attribute cannot be applied to types"
Rspec expect( ) vs expect { }
Error when trying to install devise in Ruby on Rails 7.0.0
Ruby, Rspec, and yield stubbing
Minimagic not showing the correct font defined in the image creation
Verify the integrity of Google ID token in Ruby
Where #constantize method is defined in Ruby?
Rails API - Getting Unpermitted params uploading files
Upload a file(.pdf, .jpg etc) using rails active storage via API through postman? (not through rails views)
Rails: Is it possible to check if a named scope is valid for a given active record?
API endpoint link is working in Postman but not in Ruby on Rails with ActiveResource
Heroku page not found
NameError: uninitialized constant Api::V1::Item::ItemsController::Item
Rails 5 Filter chain halted as :set_product rendered or redirected error when indexing all products
Rails API Get with parameters
Uploading file from raw JSON
Param is missing or the value is empty: user
Sending POST request rails
When does Rails generate a readme.md (as opposed to a readme.rdoc)?
How to add active record validation errors inside custom setter?
There is a programmatical way to detect Zeitwerk::NameError when upgrading to Rails 6?
Rails 7 missing partial
ActiveModel - declare a model attribute as an array of AR instances
Suppress Ruby warnings when running specs
Rails does not fire my after_commit callback
How to make helper_methods available to Views in Rspec
When stripe checkout payment fails, it stays on the same page and displays a standard error message provided by stripe
Accessing class constant from within a module
How to redirect to previous page in Ruby On Rails?