Chapter 11 ■ the World Wide Web
197
With debug mode turned on (see the second-to-last line of Listing 11-2), Flask will even restart itself and
reload your application if you edit one of the listings, which makes it easy to explore the effects of small changes to
the code quickly.
There is one small detail missing here. If base.html in Listing 11-3 mentions style.css, where is it? It is sitting
inside of the static/ directory that you can find right next to the application in the source repository. You will want to
review it if you find that you are interested not only in network programming but in the idea of web design.
The Dance of Forms and HTTP Methods
An HTML form has the default action of GET, and it can be as simple as a single input field.
There is no space in this book to discuss form design—a huge subject fraught with technical decisions. There
are a dozen kinds of input to consider, besides text fields like the one here. And even text fields have many options
surrounding them. Are you going to use CSS3 to add some sample text to the input field that disappears as the user
starts typing? Should some in-browser JavaScript code perhaps gray out the submit button until the user has entered a
search term? Should you put instructions, or a few example search terms, below the input field to suggest ideas to the
user? Should a submit button ever actually say “Submit” or instead state what happens once the form is submitted to
the server? Will a minimalist designer ask you to omit the Go button altogether, simplifying the site but requiring the
user to know that they can hit Return to submit their search?
But these questions are covered at length in books and sites about web design. This book can focus only on what
forms mean for the network.
A form that performs a GET places the input fields directly in the URL and thus in the path transmitted with the
HTTP request.
GET /search?q=python+network+programming HTTP/1.1
Host: example.com
Think of what this means. The parameters of a GET become part of your browser history, and it will be visible to
anyone looking over your shoulder at the browser’s address bar. This means that a GET can never be used to deliver
sensitive information like a password or credential. When you fill out a GET form, you are stating, “Where I would
like to go next?” and you are essentially helping the browser compose a handcrafted URL for a page that you want the
server to invent so that you can visit it. Filling out the previous search form with three different phrases will result in
the creation of three separate pages, three entries in your browser history that you can return to later, and three URLs
that can be shared with friends if you want them to see the same page of results.
A form that performs a GET request is how you ask to go somewhere, merely by describing your destination.
This is in stark contrast to the opposite kind of HTML form, where the method is POST or PUT or DELETE.
For these forms, absolutely no information from the form makes it into the URL and thenceforth to the path in the
HTTP request.