I have built our marketing pages on WordPress and I was hoping I could add a search form on the WordPress site and show the results on the Rails application. Could I use Elementor to build a form and on submit that info is sent to the rails application to show the results from the rails DB and the user will now be on the rails application?
Thanks
You're asking about a form that is hosted on a Wordpress instance, which submits to a Rails app. While in general you could set the form action to post to any server, you will have problems doing this with Rails specifically because of the form authenticity_token, which is required by default for Rails forms with POST method.
See ActionController::RequestForgeryProtection
One way to stop Rails from doing this is to disable request forgery protection in your Rails controller:
protect_from_forgery with: :null_session
Another approach could be to build the search form in your Rails app, and embed it in an iFrame on your Wordpress. After the form is submitted in the iframe, you can redirect_to the results from the Rails controller, which will break out of the iframe with a HTTP 302 response that sets the user's browser location to the Rails application's results page.
Related
For marketing reasons we want to a/b test some landing pages. Fairly typical but, ideally, we'd like the page to post directly into our Rails backend (creating a new user). We plan to host our landing pages on Unbounce (or whatever, doesn't really matter) but it's not clear how to post to (users#create) in Rails app from a 3rd party form without running into CSRF and other security token issues.
Perhaps there is a better (read: best practice) for how to a/b test landing pages related to a Rails application? I'm trying to minimize changes to the codebase, if possible, required to run these landing page experiments.
Any thoughts greatly appreciated.
It's good that you're using the Rails defaults for security; you're letting the framework do good work for you! However, for what you're describing, the Rails CSRF protection defaults are going to get in the way. CSRF protection exists to protect signed-in users from having their account hijacked. Since this is your signup page, there is no signed-in user, so there's really nothing to hijack.
I recommend you do two things:
Skip the authenticity token check for this controller action only (example: skip_before_action :verify_authenticity_token, on: :create).
Don't accept the signup request if there's already a signed-in user.
I am working on a Rails 5 API only app using JWT tokens.
I'd like to use Rails Admin for internal processes and would like to configure Devise (or Clearance) for auth for staff members instead of integrating JWT tokens with Rails Admin directly.
The problem I have is once I set up Devise or Clearance (the controllers, models, and routes are there) the sign in screens return an empty HTML page.
There are some related issues with Clearance mentioned in https://github.com/thoughtbot/clearance/issues/741 but I've been unable to figure out why the HTML does not load.
The Rails API does exclude some middleware but it's not clear to me which is missing or causing the issue. Thanks.
I solved the problem by converting the Rails API only app to be a normal Rails app. Not the best solution, in my opinion, but it works!
I have a WordPress marketing site and a Rails web application. A user starts their session on the WP site, and then progresses to the Rails site.
I want to track conversions from the last WP step to the first Rails step, but Mixpanel doesn't seem to be recognizing that the user is the same user at that point.
How can I track a user in Mixpanel across subdomains?
Here you go with 2 solutions :
The quick solution is query parameters.
If the user is redirected to the Rails site directly from the WP blog then you can pass the user_id that you set on the WP blog to the Rails site as a query parameter (GET params for example, or headers).
Then, you'll be able to retrieve and set the same user_id in your Rails site and Mixpanel will recognize that it's the same user.
Something cleaner would be to use cookies.
If you have access to the back-end of the WP site, you can create an endpoint that returns the user cookie that the user has on your blog. Then you can call that endpoint from your Rails site.
Create a cookie with the user_id on your WP blog
Call the cookies endpoint of your WP blog from the Rails site
Use the cookie you just retrieved to set the same user_id on your Rails site.
This is a bit like Facebook does.
I'm working on a Ruby on Rails project where we want to automate some form submissions. How do we simulate posting a form from inside a controller method?
You could follow the POST below to use net/http to do a form post to an external or internal HTTP end point.
Submitting POST data from the controller in rails to another website
or you could use a popular HTTP client or REST client like httparty, wrest, mechanize etc. Look at the list here. https://www.ruby-toolbox.com/projects/rest-client
What is the best way to make authentication?
on frontend I use Angular.js
on backend: Ruby on Rails
Rails app using as API for my frontend.
UPDATE:
This is will be single page application.
Frontend wiil be developed in Angular.js, backend in Ruby on Rails.
In ideal I want to build backend as collection of resources returned in json.
I search best method of security implementation.
When user open the app I need to check if user authenticated.
If not - go to login page,
If authenticated - open that he wants and return needed resource from backend.
I think that I need to store auth token on the client side.
What is the best method to generate it, or maybe Rails already generate it for me?
I don't know Angular.JS at all but I will try to provide you general information on rails that you can use with any Javascript Framework.
For authentication, you just needs:
A model for users
a controller which handle login, this method check user login/password, create a session object with all information needed (session is stored on server side and a cookie is used on client-side to associate each request to a session)
A controller for handling logout which basically only destroy the user's session
You have a good implementation in the rails tutorial here, or you can find several plugins (authlogic seems to be the recommendation of stackoverflow usershere).
Then, there is few differences between handling authentication with static html pages or with AJAX:
A HTML request will send login and password to the controller, which will automatically redirect it to another internal page once the session create
In AJAX, the javascript on client side should send an ajax request, look for the answer by the server (success / failure) and launch adapted actions (message if failure, redirection if success)
In both cases, the important thing is to check that the user is authenticated at at each controller otherwise anybody would be allowed to launch action or access internal information.
I'm trying to do something similar and I found this example app which has been very useful to get me going in the right direction: https://github.com/karlfreeman/angular-devise
Also checkout further discussion about it here: https://github.com/karlfreeman/angular-devise/issues/1
And here's another repo which takes a slightly different approach: https://github.com/colindensem/demo-rails-angularjs
I ended up borrowing ideas from all of the above. Here's a working demo if anyone's interested: https://github.com/jesalg/RADD