Originally Posted by fourpastmidnight
Now, in version MVC 1.0, this "may" have been true (most certainly it was true for MVC 1.0 PR
, which the book uses, I don't doubt that). However, in MVC 2.0, this is a new change. (maybe?) From what I've read, HttpPostAttribute only accepts HTTP POST verbs according to the changes FAQ on asp.net: http://www.asp.net/learn/whitepapers...t-mvc#_TOC3_12
You should take a look at it again. It does only allow HTTP POST requests now, if defined. So in that case it is working fine.
The problem, that you are failing to realize, is that it doesn't follow HTTP standards, specifically around the HTTP 405 method not allowed.
Which is critical for some REST applications to function. Currently it returns an HTTP 404 Not Found response, which is totally wrong if they are trying to shoot for standards.
If you read 404 specs, it only applies to the URL, not the method used against the URL. The 405 response defines how the method should be responded to if not currently defined or allowed.
This has been my biggest problem with the MVC team, they sit back and talk about how standards compliment MVC is, and everybody is willing to just gobble it up, because they really want to believe it is true, and with out doing any research to make sure it is true. Don't worry you are not the only one who has made this mistake.
And in the process of everybody talking about how standards compliment MVC is they are actually bastardizing the standard because none of them over their want to read or take the time to actually understand something as basic as HTTP status codes.
So if you want standards compliment code you still have to use my HttpPostOnly attribute, if you don't care, then use HttpPost.
As I stated before, we never mentioned ManagedFusion.dll in the whole book, because we totally expected it to be obsolete by publishing, but the MVC team has continued to let us down for a couple small features that makes your application that much more in line with standards. And me and Al weren't going to compromise on putting out crap, just because the MVC team doesn't understand the difference between a 404 and a 405.