Replace Location class with browser-provided URL
#90
Conversation
seanpdoyle
force-pushed
the
use-browser-url
branch
from
3ded7f6 to
835def8
Compare
seanpdoyle
force-pushed
the
use-browser-url
branch
from
835def8 to
23aa0e5
Compare
seanpdoyle
force-pushed
the
use-browser-url
branch
from
23aa0e5 to
c7d6e34
Compare
|
👍 I was about to open a ticket to ask to export it as it is needed by |
The Turbo-internal `Location` class' responsibilities overlap almost entirely with the browser-provided [URL][] class. In addition, Turbo's `Location` class name conflicts with the browser-provided [Location][] class, which is itself an almost `URL`-compliant interface. This commit removes the Turbo-internal `Location` class, and modifies all consuming interfaces to use `URL` instead. The properties and functions that do not have corresponding [URL][]-provided versions have been extracted to the `src/core/url.ts` module. [URL]: https://developer.mozilla.org/en-US/docs/Web/API/URL [Location]: https://developer.mozilla.org/en-US/docs/Web/API/Location
Incorporate the anchor change in behavior from [hotwired#58][]. [hotwired#58]: hotwired#58
seanpdoyle
force-pushed
the
use-browser-url
branch
from
c7d6e34 to
17f6332
Compare
|
Hey, I think there is a bug in how forms are submitted since this PR was merged. Basically, all the elements of a form are being included in the URL when it's submitted. This is what form submissions look like with the latest Turbo from npm: If you clone the repo and then point your package.json at your clone on the
If you do
This line seems to be the culprit: https://github.com/hotwired/turbo/pull/90/files#diff-68b647dc2963716dc27c070f261d0b942ee9c00be7c4149ecb3a5acd94842d40R53 It looks like it is replacing the old behavior here, but that behavior only ran on |
|
@ghiculescu thanks for reporting this! I believe the decision was deliberate, but #128 might handle the nuance a little more appropriately. |
|
I don't think putting the contents of the form body in the URL are a good idea. As an example of why, different browsers implement different rules around URL lengths which this could now break. There's probably also security implications, eg. if your server logs URLs but not request bodies, it may suddenly start logging passwords or authenticity tokens (like my 2nd screenshot). |
|
ba323e4 looks like it'll fix it. Thanks @seanpdoyle |
The Turbo-internal
Locationclass' responsibilities overlap almostentirely with the browser-provided URL class. In addition, Turbo's
Locationclass name conflicts with the browser-provided Locationclass, which is itself an almost
URL-compliant interface.This commit removes the Turbo-internal
Locationclass, and modifiesall consuming interfaces to use
URLinstead.The properties and functions that do not have corresponding
URL-provided versions have been extracted to the
src/core/url.tsmodule.