We've got a few emails that get sent out by our ASP.NET MVC 3 application.
In one of the emails, we want to add "Did you find this helpful?" to the footer of the email.
If they click "Yes", some action needs to be taken in the database.
What approach should i take for these links?
I don't really like the idea of doing a GET (e.g when they click the link), which then adds something to the database. GET's should never update state. Is there a way i can make it do a POST instead?
I'm using ActionMailer to perform emails, if that matters.
EDIT:
To be clear, i'm how asking "how" to implement the MVC side of things. I know i can create an action which takes the id, etc and saves to the DB, but i'm asking about what is the correct approach from a REST-style point of view.
You can create a form and do a POST in an email but it wont work with certain mail clients. Here is a reference from 2007 that shows where it works and where it doesn't:
http://www.campaignmonitor.com/blog/post/2435/how-forms-perform-in-html-emai/
ETA: A POST would of course fit the REST pattern but probably not a good option in your case. Since you are presumably just incrementing a counter for helpfulness, having this URL exposed shouldn't cause much of a problem.
Related
I'm new to backend programming. I chose the laravel framework. Already learned the basics. During the study, the question arose: is it necessary to use the form to transfer data to the server ?. For example: the deletion route looks like this to me
Delete.
If I leave it, will it be a mistake? Maybe advise an article or something. Thanks in advance
Short answer is no, it's not necessary, but you should (if you're bound to HTML only).
The HTTP standard has different methods for different purposes. Using an anchor tag will always make a HTTP GET request to the link/server, which is not ideal, GET request should never change the remote (server) state, that's a job other methods (POST, PUT, DELETE, PATCH), you should try to use the method that better describe what you're trying to do: in your case I suppose you're trying to delete a complaint, so a DELETE or POST is what you're looking for.
The only way to use make a non GET request in plain HTML* is to use <form>. Also if you're planning to use a method different from POST you should take a look at Laravel's #method here
Mind that if you can and want to use JavaScript to perform your request you totally can, dropping the requirement to have use form (docs and docs).
I want to configure segment.com properly on my site and use it to manage all other apps/tools. I already installed the segment javascript on my site and used it as the source. Now, I am pushing these to MixPanel, Facebook, Google Analytics, etc.
What code should I add if I want to track an event and/or identify a user?
For simplicity's sake, i have a landing page (site.com/landing-page) with a form. After a successful submission, it redirects to a thank you page (site.com/thank-you-page).
The default settings already track the page views, and are pushing that same event to the different tools (FB: PageView, MixPanel: Loaded a Page, etc).
But in this case, i want to track the event and capture the person's information. And i don't know what to code to add and where.
My research so far
According to this article:
The best way to track new users is in client-side javascript on the welcome page after they signup, below we’ll explain why.
So, based on that, I add the code to my thank you page. But where? Header like adding GA scripts? body tag? I can add it anywhere, but i don't know where.
Next is what code should I add?
The example from the same article above:
When a new visitor goes to their site that visitor is anonymous. As soon as the visitor connects their Facebook account, Rdio knows who they are and creates a user record.
As part of that new user record the person is assigned a userId. Let’s say the new userId is 12345. Rdio will then need to fire the following calls on the welcome page:
analytics.identify('12345',{ name:'Jake Peterson', email:'friends#segment.com'});
analytics.track('Account Created',{ authentication:'Facebook'})
This gives me two problems: track and identify.
Track Problem
I'll start with the track. Based on how I understood this, assuming the event name i want to be added is "Downloaded PDF" then I want to store the title of it as well. It should look like this, right?
<script>
analytics.track('Downloaded PDF', {
title: 'Awesome Title'
});
</script>
Am I correct to enclose them inside <script> tags?
The tracking of an event seems a bit easier to understand that the identify part. But would love to know if i got that part right.
Identify Problem
Here, i have two questions:
where does userId come from? Is it automatically generated? For example, inside my MixPanel account, i see them. Is that what i use?
How do i reference to the userId? or any of the other traits I want to track in my code?
Taking from the same example above:
analytics.identify('12345',{ name:'Jake Peterson', email:'friends#segment.com'});
If i add this exact code on my thank you page, every signup will be assigned those values: '12345', 'Jake Peterson', and 'friends#segment.com', right?
What code should I add to (1) assign them the right userId (2) and get the name and email traits from the form of the previous page.
Let's say i'm only collecting first name and email.
analytics.identify("userId"{ firstName:"firstName", email:"email"});
If I add this code to my thank you page, will it automatically assign the userId, firstName, email values of the form that was submitted? That's the part I don't understand. What code to add to dynamically push the correct data.
And i know i'm not even adding the Alias part for MixPanel yet, but i just want to understand this part and the rest (hopefully) will be easier to understand.
We usually follow the convention of doing a redirect after every post, which is ideally very clean. But usually there is a requirement to give the user feedback about what has been updated.
When i do a post followed by get i wanna show the same page with the notification about the updation being done, which makes the GET very clumsy with the extra status of whats being updated. Am i missing something here?
which is ideally very clean
debatable.
which makes the GET very clumsy with the extra status of whats being updated
...and that's one of the main reasons why.
Trying to pass transactional data via the session is a very bad practice.
The solution I've used is to use a front controller for sequences of forms (not a front controller for the whole site!) but in general trying to avoid the scenario where there is a sequence of forms to be posted
Okey, this might seem a bit strange question so I will explain.
Do I really need to create a postback that explains what is wrong with form if it's not validated if I also use JS for it?
I am of course validating user input and I use somewhat "general" approach. For instance if something is not validated it will just show "Some error occurred, check your input bla bla..". I am not creating postback for every input so that it will shot "Your username is suppose to be at least 3 characters long etc.." and I don't do this because JS is doing that on the fly.
My server-side validation only is like a guard against stupid/wrong entries where name is empty or something along that, rest is up to jQuery. Form will always be valid if client is running JS. I am doing it to save my time.
My question is - is it a bad idea? I just don't see why because everyone is running JS anyway and my server is not allowing bad/invalid entries to be put in DB even with JS off.
I don't think that's a bad idea, data validation can be client side. If something goes wrong, i just throw a generic error.
I only validate server side the business rules
I came across another Stackoverflow post regarding Get vs Post and it made me think. With CI, my URL for deleting a record is http://domain.com/item/delete/100, which deletes record id 100 from my DB. The record_id is pulled via $this->uri->segment. In my model I do have a where clause that checks that the user is indeed the owner of that record. A user_id is stored in a session inside the DB. Is that good enough?
My understanding is, POST should be used for one time modification for data and GET is for retrieving regards (e.g. viewing an item or permalink).
You really ought to require a post request when deleting. In CodeIgniter this could be as simple as checking $this->input->post('confirm')
Part of the justification is you don't want data changed on a get request. Since you said you are requiring the person be the owner, there still is the problem that some one puts an image with the source being http://domain.com/item/delete/100 Using post isn't a cure-all as you can do post requests from javascript so it would still be possible for a malicious user to create the delete request if you aren't properly filtering input.
I should admit that I'm a bit of a purist and just feel requiring post is the right way. Its how the standards were written (okay you could argue it should be a DELETE request but browsers typically don't support them) and in other cases you really need to use them (there have been cases of web crawlers deleting pages).
If you want to have the delete link be http://domain.com/item/delete/100 then you could display a confirmation message with a form that does a post action as confirming the deletion.
I hope this helps,
Bill