In the spring of 2005, Google introduced a browser plug-in called Google Web Accelerator (GWA), which set off heated discussions in the Rails community. The reason is that GWA worked by pre-fetching links. Upon loading a page, GWA would scan it for links and load them before they were even clicked—so when the user did click, the next page would already be cached and load much faster.
The problem was that many Rails applications (including Basecamp, the original Rails application) used regular links for destructive actions, such as “delete this post.” So if you installed GWA and then visited your Basecamp account, the plug-in triggered a wave of data loss. Users and developers alike were understandably quite upset by the unintended consequences.
Google quickly cancelled the product in response to the uproar. But technically, the plug-in wasn’t doing anything wrong (besides being wasteful with bandwidth). GWA was only creating HTTP
GET requests, which, according the spec, are supposed to be safe for intermediaries like GWA to use. The real problem was that Rails developers had adopted the bad habit of using
GET to trigger deletes.
The lesson was hard-learned, but important. Today, Rails is leading the charge among web frameworks to support the full vocabulary of HTTP methods, beyond just
POST. With most helpers, the fix is as simple as providing a
:method option. For example, to create a proper delete link:
<%= link_to 'Delete Contact', contact_url(:id ...