requires_HTMX decorator about django-htmx HOT 6 CLOSED

Oh but it was not non-directly-loadable URLs I was pushing. I had just guessing that hx-push-url might be the reason - I'm not sure if it was.

Please come back with more info then :)

I think there's a key difference with require_http_methods - for wrong methods, there isn't anything sensible to return. But HTML fragments are sensible and very useful for debugging, scraping, etc.

from django-htmx.

Will do!

The decorator could configured to be disabled if DEBUG=True - also as an opt-in it is/would be just a safe-guard against wrong usage if one chooses to use it. Having it redirect could also be optional, making it more akin to require_http_methods.

from django-htmx.

I don't think I would personally use this. Being able to load up a view that returns a fragment for htmx can be useful for debugging at least. And I can't think of a common way that users would accidentally hit such URL's, since they're only mentioned in hx-* attrs normally? I've never seen a JSON API that analogously detects you're visiting from a browser and redirects you.

Can you explain more of what lead you to think of this?

from django-htmx.

I've had some experiences with my browser showing the raw output from a HTMX request when for instance accessing a page again after the browser being closed. It might have something to do with wrong usage of hx-push-url. My reasoning was that if I could just block of that kind of direct access, I would minimise those kinds of weird "accidental behaviour".

The idea with the decorator is to mimic the django builtin require_http_methods decorator(s), in that it limits/guards the view from being accessed in a way that is not intended.

I also thought of including a call to django.utils.log.log_response (like in require_http_methods), to log if the decorated views are "used incorrectly".

from django-htmx.

Indeed you shouldn't push URL's into the location history that the user cannot load directly. Such URL's may be loaded in many situations: when the browser restarts, or the internet goes offline and returns, or if the user hits refresh. Displaying "fake" not-directly-loadable URL's seems like an anti-pattern to me.

Because of this I do not see the utility of the decorator.

from django-htmx.

Oh but it was not non-directly-loadable URLs I was pushing. I had just guessing that hx-push-url might be the reason - I'm not sure if it was.

Those random encounters (which I'll have to see if I can replicate somehow) were reason for the decorator. But I think that it has more merit than just avoiding that case - in the same way as require_http_methods marks correct usage of a view.

from django-htmx.