Seth Ladd's Blog: Force HTTP GET for Ext JS DataGrid and Store and JsonReader

Thursday, December 18, 2008

Force HTTP GET for Ext JS DataGrid and Store and JsonReader

I work with ExtJS a lot, and have had great luck with it. We use the layouts, DataGrid, and most of the included widgets.

One thing that has always struck me as odd is the Store (the class responsible for fetching and exposing the data) defaults to a HTTP POST when retrieving data. I think that any retrieval of data from an HTTP end point should be GET, to take advantage of caching and the simple fact that the operation is idempotent.

If you want to force a HTTP GET method to be used when retrieving data with an Ext JS Store (for instance, when retrieving JSON data), here's the Javascript code:

var proxy = new Ext.data.HttpProxy({
url: '/foos.json',
method: 'GET'
});

var store = new Ext.data.Store({
remoteSort: true,
proxy: proxy,
sortInfo: {field: 'id', direction:'desc'},
reader: new Ext.data.JsonReader({
fields: [{name:'id', type:'number'},
{name:"created_at", type: 'date', dateFormat: Date.patterns.XmlSchema},
"category_value",
"sub_category_value",
"created_by_login",
"involved_people_count",
"involved_objects_count",
"percent_complete"],
totalProperty: 'totalRecords',
root: 'records'          
})
});

Notice the external HttpProxy which defines the URI that returns the JSON data as well as the HTTP method. Pass this HttpProxy to the Store and you'll be using GET!

6 comments:

Laurens Holst said...: Probably the reason the thing defaults to POST (presuming that it is not read-only) is that if you default to GET and people use it to write/modify data without paying attention to the method used, then you are violating the HTTP principle that GET should be a ‘safe method’, which in turn can result in a nasty security vulnerability.; December 18, 2008 11:42 AM
sethladd said...: Sure, GET is primarily for retrieving representations (a.k.a. Reading) The DataGrid and related Store objects are arguably only used for reading/viewing information. Therefore, I would have expected that the default method is GET. But you're right, if you are changing data, you should use PUT, POST, or DELETE.; December 18, 2008 3:14 PM
sonson said...: hi...

Not enought information...; January 4, 2009 6:54 PM
lnytkehq jwgvsbmof said...: maegozpt twqpmlvef qhrvpatc czvy vxlzfg mcbg zoysrvi; January 12, 2009 7:22 PM
lnytkehq jwgvsbmof said...: maegozpt twqpmlvef qhrvpatc czvy vxlzfg mcbg zoysrvi; March 21, 2011 9:08 PM
Laurens Holst said...: Probably the reason the thing defaults to POST (presuming that it is not read-only) is that if you default to GET and people use it to write/modify data without paying attention to the method used, then you are violating the HTTP principle that GET should be a ‘safe method’, which in turn can result in a nasty security vulnerability.; March 21, 2011 9:08 PM