Unsafe Actions: Replace link_to calls with button_to

The `<a>` element is suitable for [Safe HTTP Methods][] (like `GET`) to drive page navigations. Unsafe HTTP Methods (like `POST`, `PUT`, and `DELETE`) are better initiated by `<form>` submissions. This commit replaces generated calls to `link_to` with calls to `button_to`. The rest of the styling changes aim to preserve design decisions made about preserving the appearance of elements that were once presented as `<a>` elements that are now presented as `<input type="submit">` elements nested within `<form>` elements. While the design changes preserved backwards compatibility, it's worth re-considering the choice to present them as "navigation" links instead of "action" buttons. [Safe HTTP Methods]: https://developer.mozilla.org/en-US/docs/Glossary/Safe/HTTP
thoughtbot · Feb 13, 2024 · 6c6c04b · 6c6c04b
1 parent 5ee07c7
commit 6c6c04b
Show file tree

Hide file tree

Showing 4 changed files with 35 additions and 20 deletions.
diff --git a/app/assets/builds/administrate/application.css b/app/assets/builds/administrate/application.css
diff --git a/app/views/administrate/application/_collection_item_actions.html.erb b/app/views/administrate/application/_collection_item_actions.html.erb
@@ -7,10 +7,11 @@
 <% end %>
 
 <% if existing_action?(collection_presenter.resource_name, :destroy) %>
-  <td><%= link_to(
+  <td><%= button_to(
     t("administrate.actions.destroy"),
     [namespace, resource],
-    class: "text-color-red",
-    data: { turbo_method: :delete, turbo_confirm: t("administrate.actions.confirm") }
+    class: "link text-color-red",
+    method: :delete,
+    data: { turbo_confirm: t("administrate.actions.confirm") }
   ) if accessible_action?(resource, :destroy) %></td>
 <% end %>
diff --git a/app/views/administrate/application/show.html.erb b/app/views/administrate/application/show.html.erb
@@ -30,11 +30,12 @@ as well as a link to its edit page.
       class: "button",
     ) if accessible_action?(page.resource, :edit) %>
 
-    <%= link_to(
+    <%= button_to(
       t("administrate.actions.destroy"),
       [namespace, page.resource],
       class: "button button--danger",
-      data: { turbo_method: :delete, turbo_confirm: t("administrate.actions.confirm") }
+      method: :delete,
+      data: { turbo_confirm: t("administrate.actions.confirm") }
     ) if accessible_action?(page.resource, :destroy) %>
   </div>
 </header>

diff --git a/spec/example_app/app/views/admin/customers/_collection_item_actions.html.erb b/spec/example_app/app/views/admin/customers/_collection_item_actions.html.erb
@@ -7,10 +7,10 @@
 <% end %>
 
 <% if existing_action?(collection_presenter.resource_name, :destroy) %>
-  <td><%= link_to(
+  <td><%= button_to(
     t("administrate.actions.destroy"),
     [namespace, resource],
-    class: "text-color-red",
+    class: "link text-color-red",
     method: :delete,
     data: { turbo_confirm: t("administrate.actions.confirm") }
   ) if authorized_action?(resource, :destroy) %></td>