The explanation below is big, but the question is really simple.
I'm doing a simple form project in https://www.theodinproject.com/paths/full-stack-ruby-on-rails/courses/ruby-on-rails/lessons/forms.
The first part where I am, I need to build a form manually - so that I can see how Rails does a lot for me when I use its helper methods.
I'm stuck in this point:
Specify the method and the action attributes in your tag (use $ rails routes to see which HTTP method and path are being expected based on the resource you created).
The routes.rb file looks like this:
resources :users, only: [:create, :new]
I don't know how to determine which method should I use for the form - post or get.
I don't know how to determine which action path I should use.
I've gone into the internet, Rails guides and etc, and have solved the other topics so far, but for this one I can't get through it.
My form so far:
<form action='/create' method="post" accept-charset="UTF-8">
<label for="username"></label>
<input type="text" id="username" name="username"><br>
<label for="email"></label>
<input type="text" id="email" name="email"><br>
<label for="password"></label>
<input type="text" id="password" name="password"><br>
<input type="submit" id="submit" value="Submit" >
</form>
Once I run it in the server and then submit the form - which I did - I should get:
"Submit your form and view the server output. Oops, we don’t have the right CSRF authenticity token (ActionController::InvalidAuthenticityToken) to protect against cross site scripting attacks and form hijacking. If you do not get an error, you used the wrong method from step 1."
Yes, Rails is smart) When u are sending the request to your server, Rails must know from where this request is coming. In short, if your form sending the CSRF token then Rails understand that u send this request, otherwise someone else on your behalf (CSRF attack).
To fix this bug u need to set <%= form_authenticity_token %> in your .erb view. It will generate this input that is below
<input type="hidden" name="authenticity_token" value="your_token_generate_by_rails">
Or for your testing purposes, u can use this in your controller which is processing your request. But never use it in future if you are don't know what are u doing)
skip_before_action :verify_authenticity_token
Hi there fellow Odin student!
It looks like you're doing this lesson. Me too!
It sounds like you're asking about what value to use with action attribute in the form.
When I created a form using the Rails formHelper methods, I inspected the HTML that Rails created when I was previewing the app/website (rails s). By opening up the Developer tools (F12 key, or right click the mouse and choose inspect)I was able to see that the form Rails created had an action equal to the name of the resource, with a forward slash in front of it.
So for your example, the resource created is "users". So the action attribute would be /users
to be complete, the solution would be something like: <form action="/users"...
Hope this helps!
Related
I'm making a single web app.
I have a form with a POST method and an action value equal to "/login".
<form action="/login" method="POST">
<label for="mail">Email</label><input name="log" id="mail" type="text">
<label for="pass">Pass</label><input name="pass" id="pass" type="text">
<input type="submit">
When the submit button is press, server get the form, then return to the index page.
But, in the address bar, I have "local:5050/login" and would have "local:5050".
Can I remove the "login" mention ?
Since you are making a SPA, you will not want to have the POST method of the form actually complete. Generally this is done in dart by attaching a listener on the form element, within that listener you would then do a couple of things:
1) Cancel the default action (Also see: How do I prevent an on.submit event from changing/reloading the page?)
2) Get the values you're interested in from the form (or potentially take the entire form itself)
3) Send the values via an AJAX request to the server and listen for the response from the server to verify it was valid etc.
See the Dart tutorials on forms for more information on accomplishing the other steps.
Say I were to post to a site using www.mysite.com?user=myuser does that simulate the submit button that is associated with that form? If so, what happens if there are a number of submit buttons in the form?
Also, if that button's html is like so <input name="button" class="button" type="button" value="Save" onclick="javascript: submit()" disabled> with the "disabled" attribute, does that mean I can't POST www.mysite.com?user=myuser/won't work?
<form name="Form" method="post" action="/thisAction.do">
<input type="text" name="inquiryNo" maxlength="11" value="" onkeyup="javascript: checkNo()">
<input name="buttonInquire" class="button" value="Inquire" onclick="javascript: submitInquire()" type="button">
<!--Then comes a number of other inputs-->
<input.../>
<input.../>
<input.../>
<input name="modify" class="button" type="button" value="Save"
onclick="javascript: submitModify()" disabled>
</form>
This is some sample code as it's work stuff which I am not allowed to share. So when I use the inquire action a new account successfully loads up and the details are presented on the page. The modify action is meant to 'modify' those details but it just returns the same details displayed on the page. I get no sort of feedback from anything.
You can POST to a URL with a query string (the stuff after the ?), and since you say you're using urllib2 with a data argument, that's what happens. The server can then read both the POST data and the query string and do whatever it wants, though most of the time they're merged together or the query string is ignored entirely.
disabled only stops you from clicking the button in the browser (and even then, you can just un-disable it with a tool like Firebug). You can POST whatever you want to any URL you want; HTML can't stop you, though the server can still give you an error if it wants.
I think your problem is that "inquire" is the default action, and something's wrong with your POST. So no matter what you send, the server isn't recognizing it and is falling back to "inquire".
It looks like the form is intended to send modify=Save. Can you post the Python code you're actually running?
No, what you actually typed in is a GET method.
There are 2 ways of submitting data: POST AND GET.
Post is by submitting data by using a form in a webpage that posts to another on the background, while GET is setting the data in the url itself like user=myuser.
Most of the times using a GET method (url query string) will not work if the web programmer actually is checking for a POST method. The same happens if the programmer is waiting for a GET request and you actually POST it.
However there is a php var called REQUEST which will work with GET and POST.
I'm no professional in PHP but because you had no answers at the moment I tried my best to explain it. Hopefully some expert will come along and explain it properly.
You edited your question while I was replying so you need someone to answer you on your second question.
I have the following mark up in an ASP.NET MVC view (this is a Twitter Bootstrap search box):
<form action="#Url.Action("Results", "Search")" method="post">
<input type="text" class="search-query" id="SearchTerm" name="SearchTerm" />
</form>
This code works as expected, but using a post here is causing problems.
How can I change this markup to pass the search query as a URL argument instead? I'm not really sure how to even approach this short of keeping the existing markup and then redirecting from the controller. I'm thinking there must be a more efficient way than that.
You should be able to change method="post" to method="get" and get the desired result. The form, with a get method setting, pushes the fields in the form to the querystring by its default behavior.
As a workaround, if the default behavior doesn't suit you, you could catch the submit event of the form, and do:
window.location = form.action + "?SearchTerm=" + document.getElementById("SearchTerm").value
Something like that, where form is a reference to the form element. You can build the link and redirect using javascript, which is a get request.
I have this form below which contains two checkboxes to sort some products:
<form id="FiltreExtraForm" action="" method="post" name="FiltreExtraForm">
<input id="ProductsDeliveryPrice" type="checkbox" value="1" name="data[Products][delivery_price]"/>
<input id="ProductsPicture" type="checkbox" value="1" name="data[Products][picture]"/>
</form>
After POST I do the filtering but I also want to add received parameters to URL E.g: /products/index/delivery_price:1/picture:0 . Is this possible. How can I do that?
Note: I don't want to use GET to send form info.
Sounds like you are looking to do a Post/Redirect/Get.
Here are two examples of doing this in CakePHP:
Searching on surname
Searching on multiple fields
The two main advantages of redirecting a POST to a GET request are:
Users don't get the "Do you want to resubmit?" dialog if they refresh
The resulting page/query can be bookmarked
In the action to which you post, you could simply prepare the GET url and then redirect to this url. The action for that url then does the filtering.
If I understand you correctly (and I'm not sure that I do), you can pass additional variables on the query string of the form's action quite easily. Conventionally, that might look like this:
<form id="FiltreExtraForm" action="/products/index?delivery_price=1&picture=0" method="post" name="FiltreExtraForm">
Using Cake, you should be able to do the same without the traditional query string if you'd rather (though the traditional method above will also work):
<form id="FiltreExtraForm" action="/products/index/delivery_price:1/picture:0" method="post" name="FiltreExtraForm">
I would recommend looking at the form helper or at least constructing the action URI using helpers, but this should get you what you're after.
I would like to make my application somewhat REST compliant. I am using Rails on the backend and GWT on the frontend. I would like to do updates and deletes. I realize I can do something like mydomain.com/:id/delete (GET) and accomplish the same thing. However, as I stated previously, I would like to have a REST compliant backend. Thus, I want to do mydomain.com/:id (DELETE) and have it implicitly call my delete method.
Now, it's my understanding that if a browser (my browser is GWT RequestBuilder) doesn't support DELETE/GET, Rails somehow accomplishes this task with a POST and some other url parameter. So, how can I accomplish this with a GWT RequestBuilder?
Rails does this with hidden attributes. The easiest way to figure this out would be to create a new rails application, generate a scaffold and have a look at the HTML in a browser.
Try this:
rails jp
cd jp
./script/generate scaffold RequestBuilder name:string
rake db:migrate
./script/server
Then navigate to http://localhost:3000/request_builders, click on New and have a look at the HTML. You'll see something like:
<form action="/request_builders" class="new_request_builder"
id="new_request_builder" method="post">
<div style="margin:0;padding:0">
<input name="authenticity_token" type="hidden" value="e76..." />
</div>
This is a creation, method is POST. Enter a name, save then Edit:
<form action="/request_builders/1" class="edit_request_builder"
id="edit_request_builder_1" method="post">
<div style="margin:0;padding:0">
<input name="_method" type="hidden" value="put" />
<input name="authenticity_token" type="hidden" value="e76..." />
</div>
Of course the form is sent with POST, but Rails hads a hidden field to simulate a PUT request. Same for deletion, but the scaffold will do it with a bit of Javascript:
var m = document.createElement('input');
m.setAttribute('type', 'hidden');
m.setAttribute('name', '_method');
m.setAttribute('value', 'delete');
To have this work with another front-end, you'll have to both:
Use the same style URL such as /request_builders/1 (RESTful URLs)
Include the hidden fields (Rails trick)
Like #skrat said, the _method=PUT workaround doesn't work for any kind of body where Content-Type is not x-www-form-urlencoded, e.g. XML or JSON. Luckily, there is a header workaround as well:
https://zcox.wordpress.com/2009/06/17/override-the-http-request-method-in-jersey/
So to update a REST resource, just do a POST to its address and add the header X-HTTP-Method-Override: PUT. Rails will interpret this as a PUT to the address.