Home/ Questions/Q 7763283
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-01T14:37:12+00:00

in order to make sure all form submission and all data submitted to server

  • 0

in order to make sure all form submission and all data submitted to server is not through GET I found this piece of code

if(request.method == 'GET') {
      response.sendError(405)
    } else {
      // the rest of the delete action goes here
    }

We can apply this in out base controller which is extended by all controllers so , the code is not repeated everywhere.
The above methods checks the existing method
I want to know is there a way to set the method to POST throughout the application, like all forms and all data submitted should be by POST. any configuration/variable I use to set this ?

Thanks in Advance
Priyank

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In general that’s what the allowedMethods map is for; when you use the generate-controller or generate-all script your controller will have this:

    static allowedMethods = [save: "POST", update: "POST", delete: "POST"]

    and you can add or remove action names from the map depending on which actions require POST and which allow GET. You can put this in a base class and allow subclasses to reuse the base class definition and add to it with this approach:

    static allowedMethods = BaseController.allowedMethods + [createUser: "POST"]

    That requires that you extend that base class, so it’s easy to forget. So a better approach might be to use a filter; you can create one with the create-filters command.

    So for example you could have a filter like this with an explicit list of actions to disallow:

    def filters = {
   postOnly(controller:'*', action: 'save|update|delete') {
      before = {
         if (!request.post) {
            response.sendError(405)
            return false
         }
         true
      }
   }
}

    and in addition to pipe-delimited action names (you can do the same for controller names) you can also use wildcards, so you could add in any action that starts with ‘create’:

       postOnly(controller:'*', action: 'save|update|delete|create*') {
    • 0