DHH talks about ‘the vanilla evilness of the GWA concept’ but ignores the fact that GWA is not doing anything wrong, while Ruby on Rails most definitely is. When you write a web application (or framework) you’re supposed to ensure that GET is idempotent. You shouldn’t be able to delete data on the server by sending a GET. GWA sends GETs, but Rails treats them like POSTs, for its own convenience.
From RFC 2616:
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested.
Naturally, it is not possible to ensure that the server does not generate side-effects as a result of performing a GET request; in fact, some dynamic resources consider that a feature. The important distinction here is that the user did not request the side-effects, so therefore cannot be held accountable for them.
So the RFC says that the user (in this case GWA) didn’t request side-effects when it performed a GET, so it can’t be held accountable.
Rails is the software with the big problem here. It gives you a tool (link_to) and encourages you (see the linked document) to use it in a way that puts a link on your page, which when followed (via GET) deletes data from your database.
Rather than shouting WTF and blaming Google, it would be more constructive if David would admit that there is a serious bug in Rails.