[catagits/Catalyst-Action-REST.git] / lib / Catalyst / TraitFor / Request / REST / ForBrowsers.pm

package Catalyst::TraitFor::Request::REST::ForBrowsers;
use Moose::Role;
use namespace::autoclean;

with 'Catalyst::TraitFor::Request::REST';

our $VERSION = '0.82';
$VERSION = eval $VERSION;

has _determined_real_method => (
    is  => 'rw',
    isa => 'Bool',
);

has looks_like_browser => (
    is       => 'rw',
    isa      => 'Bool',
    lazy     => 1,
    builder  => '_build_looks_like_browser',
    init_arg => undef,
);

# All this would be much less gross if Catalyst::Request used a builder to
# determine the method. Then we could just wrap the builder.
around method => sub {
    my $orig = shift;
    my $self = shift;

    return $self->$orig(@_)
        if @_ || $self->_determined_real_method;

    my $method = $self->$orig();

    my $tunneled;
    if ( defined $method && uc $method eq 'POST' ) {
        $tunneled = $self->param('x-tunneled-method')
            || $self->header('x-http-method-override');
    }

    $self->$orig( defined $tunneled ? uc $tunneled : $method );

    $self->_determined_real_method(1);

    return $self->$orig();
};

{
    my %HTMLTypes = map { $_ => 1 } qw(
        text/html
        application/xhtml+xml
    );

    sub _build_looks_like_browser {
        my $self = shift;

        my $with = $self->header('x-requested-with');
        return 0
            if $with && grep { $with eq $_ }
                qw( HTTP.Request XMLHttpRequest );

        if ( uc $self->method eq 'GET' ) {
            my $forced_type = $self->param('content-type');
            return 0
                if $forced_type && !$HTMLTypes{$forced_type};
        }

        # IE7 does not say it accepts any form of html, but _does_
        # accept */* (helpful ;)
        return 1
            if $self->accepts('*/*');

        return 1
            if grep { $self->accepts($_) } keys %HTMLTypes;

        return 0
            if @{ $self->accepted_content_types() };

        # If the client did not specify any content types at all,
        # assume they are a browser.
        return 1;
    }
}

1;

__END__

=pod

=head1 NAME

Catalyst::TraitFor::Request::REST::ForBrowsers - A request trait for REST and browsers

=head1 SYNOPSIS

    package MyApp;

    use Catalyst::TraitFor::Request::REST::ForBrowsers;


=head1 DESCRIPTION

Writing REST-y apps is a good thing, but if you're also trying to support web
browsers, you're probably going to need some hackish workarounds. This module
provides those workarounds for you.

Specifically, it lets you do two things. First, it lets you "tunnel" PUT and
DELETE requests across a POST, since most browsers do not support PUT or
DELETE actions (as of early 2009, at least).

Second, it provides a heuristic to check if the client is a web browser,
regardless of what content types it claims to accept. The reason for this is
that while a browser might claim to accept the "application/xml" content type,
it's really not going to do anything useful with it, and you're best off
giving it HTML.

=head1 METHODS

This class provides the following methods:

=head2 $request->method

This method works just like C<< Catalyst::Request->method() >> except it
allows for tunneling of PUT and DELETE requests via a POST.

Specifically, you can provide a form element named "x-tunneled-method" which
can override the request method for a POST. This I<only> works for a POST, not
a GET.

You can also use a header named "x-http-method-override" instead (Google uses
this header for its APIs).

=head2 $request->looks_like_browser

This attribute provides a heuristic to determine whether or not the request
I<appears> to come from a browser. You can use this however you want. I
usually use it to determine whether or not to give the client a full HTML page
or some sort of serialized data.

This is a heuristic, and like any heuristic, it is probably wrong
sometimes. Here is how it works:

=over 4

=item *

If the request includes a header "X-Request-With" set to either "HTTP.Request"
or "XMLHttpRequest", this returns false. The assumption is that if you're
doing XHR, you don't want the request treated as if it comes from a browser.

=item *

If the client makes a GET request with a query string parameter
"content-type", and that type is I<not> an HTML type, it is I<not> a browser.

=item *

If the client provides an Accept header which includes "*/*" as an accepted
content type, the client is a browser. Specifically, it is IE7, which submits
an Accept header of "*/*". IE7's Accept header does not include any html types
like "text/html".

=item *

If the client provides an Accept header and accepts either "text/html" or
"application/xhtml+xml" it is a browser.

=item *

If it provides an Accept header of any sort, it is I<not> a browser.

=item *

The default is that the client is a browser.

=back

This all works well for my apps, but read it carefully to make sure it meets
your expectations before using it.

=head1 AUTHOR

Dave Rolsky, C<< <autarch@urth.org> >>

=head1 BUGS

Please report any bugs or feature requests to
C<bug-catalyst-action-rest@rt.cpan.org>, or through the web interface at
L<http://rt.cpan.org>. We will be notified, and then you'll automatically be
notified of progress on your bug as I make changes.

=head1 COPYRIGHT & LICENSE

Copyright 2008-2010 Dave Rolsky, All Rights Reserved.

This program is free software; you can redistribute it and/or modify it under
the same terms as Perl itself.

=cut
Commit	Line	Data
85aa4e18	1	package Catalyst::TraitFor::Request::REST::ForBrowsers;
	2	use Moose::Role;
	3	use namespace::autoclean;
	4
	5	with 'Catalyst::TraitFor::Request::REST';
	6
3bb36dca	7	our $VERSION = '0.82';
f465980c	8	$VERSION = eval $VERSION;
f465980c	9
85aa4e18	10	has _determined_real_method => (
	11	is => 'rw',
	12	isa => 'Bool',
	13	);
	14
	15	has looks_like_browser => (
	16	is => 'rw',
	17	isa => 'Bool',
	18	lazy => 1,
	19	builder => '_build_looks_like_browser',
	20	init_arg => undef,
	21	);
	22
	23	# All this would be much less gross if Catalyst::Request used a builder to
	24	# determine the method. Then we could just wrap the builder.
	25	around method => sub {
	26	my $orig = shift;
	27	my $self = shift;
	28
	29	return $self->$orig(@_)
	30	if @_ \|\| $self->_determined_real_method;
	31
	32	my $method = $self->$orig();
	33
	34	my $tunneled;
	35	if ( defined $method && uc $method eq 'POST' ) {
	36	$tunneled = $self->param('x-tunneled-method')
	37	\|\| $self->header('x-http-method-override');
	38	}
	39
	40	$self->$orig( defined $tunneled ? uc $tunneled : $method );
	41
	42	$self->_determined_real_method(1);
	43
	44	return $self->$orig();
	45	};
	46
	47	{
	48	my %HTMLTypes = map { $_ => 1 } qw(
	49	text/html
	50	application/xhtml+xml
	51	);
	52
	53	sub _build_looks_like_browser {
	54	my $self = shift;
	55
	56	my $with = $self->header('x-requested-with');
	57	return 0
	58	if $with && grep { $with eq $_ }
	59	qw( HTTP.Request XMLHttpRequest );
	60
	61	if ( uc $self->method eq 'GET' ) {
	62	my $forced_type = $self->param('content-type');
	63	return 0
	64	if $forced_type && !$HTMLTypes{$forced_type};
	65	}
	66
	67	# IE7 does not say it accepts any form of html, but _does_
	68	# accept / (helpful ;)
	69	return 1
	70	if $self->accepts('/');
	71
	72	return 1
	73	if grep { $self->accepts($_) } keys %HTMLTypes;
74
75	return 0
76	if @{ $self->accepted_content_types() };
77
78	# If the client did not specify any content types at all,
79	# assume they are a browser.
80	return 1;
81	}
82	}
83
84	1;
85
86	__END__
87
88	=pod
89
90	=head1 NAME
91
92	Catalyst::TraitFor::Request::REST::ForBrowsers - A request trait for REST and browsers
93
94	=head1 SYNOPSIS
95
96	package MyApp;
97
98	use Catalyst::TraitFor::Request::REST::ForBrowsers;
99
100
101
102	=head1 DESCRIPTION
103
104	Writing REST-y apps is a good thing, but if you're also trying to support web
105	browsers, you're probably going to need some hackish workarounds. This module
106	provides those workarounds for you.
107
108	Specifically, it lets you do two things. First, it lets you "tunnel" PUT and
109	DELETE requests across a POST, since most browsers do not support PUT or
110	DELETE actions (as of early 2009, at least).
111
112	Second, it provides a heuristic to check if the client is a web browser,
113	regardless of what content types it claims to accept. The reason for this is
114	that while a browser might claim to accept the "application/xml" content type,
115	it's really not going to do anything useful with it, and you're best off
116	giving it HTML.
117
118	=head1 METHODS
119
120	This class provides the following methods:
121
122	=head2 $request->method
123
124	This method works just like C<< Catalyst::Request->method() >> except it
125	allows for tunneling of PUT and DELETE requests via a POST.
126
127	Specifically, you can provide a form element named "x-tunneled-method" which
128	can override the request method for a POST. This I<only> works for a POST, not
129	a GET.
130
131	You can also use a header named "x-http-method-override" instead (Google uses
132	this header for its APIs).
133
134	=head2 $request->looks_like_browser
135
136	This attribute provides a heuristic to determine whether or not the request
137	I<appears> to come from a browser. You can use this however you want. I
138	usually use it to determine whether or not to give the client a full HTML page
139	or some sort of serialized data.
140
141	This is a heuristic, and like any heuristic, it is probably wrong
142	sometimes. Here is how it works:
143
144	=over 4
145
146	=item *
147
148	If the request includes a header "X-Request-With" set to either "HTTP.Request"
149	or "XMLHttpRequest", this returns false. The assumption is that if you're
150	doing XHR, you don't want the request treated as if it comes from a browser.
151
152	=item *
153
154	If the client makes a GET request with a query string parameter
155	"content-type", and that type is I<not> an HTML type, it is I<not> a browser.
156
157	=item *
158
159	If the client provides an Accept header which includes "/" as an accepted
160	content type, the client is a browser. Specifically, it is IE7, which submits
161	an Accept header of "/". IE7's Accept header does not include any html types
162	like "text/html".
163
164	=item *
165
166	If the client provides an Accept header and accepts either "text/html" or
167	"application/xhtml+xml" it is a browser.
168
169	=item *
170
171	If it provides an Accept header of any sort, it is I<not> a browser.
172
173	=item *
174
175	The default is that the client is a browser.
176
177	=back
178
179	This all works well for my apps, but read it carefully to make sure it meets
180	your expectations before using it.
181
182	=head1 AUTHOR
183
184	Dave Rolsky, C<< <autarch@urth.org> >>
185
186	=head1 BUGS
187
188	Please report any bugs or feature requests to
189	C<bug-catalyst-action-rest@rt.cpan.org>, or through the web interface at
190	L<http://rt.cpan.org>. We will be notified, and then you'll automatically be
191	notified of progress on your bug as I make changes.
192
193	=head1 COPYRIGHT & LICENSE
194
195	Copyright 2008-2010 Dave Rolsky, All Rights Reserved.
196
197	This program is free software; you can redistribute it and/or modify it under
198	the same terms as Perl itself.
199
200	=cut