I want (in my rails app) to submit a post request to another site, setting some headers, when the user clicks a button. I want the user to be sent to the other site (rather than just have a request in the background or something).
I'm a bit stuck: my understanding so far is
a) Regular form submission (which handles the POST) can't set headers, so i can't just have a regular form on the page.
b) I could set headers in the controller, make the button go to that action, then send the request from there, but i can't do a POST redirect_to so this isn't possible.
Are either of the above possible after all? Is there another way to do this?
Related
I have an app where I try to adhere to REST.
The app receives requests for external links that don't belong to the app, so the sole purpose of the action is to redirect the request to the external URL.
My suggestion is to have the following controller/action: redirects_controller#create.
Is my thinking correct or should it be the show action instead?
REST (apart from Rails) is about using the correct HTTP method for the correct action. The Rails part is just using the conventional controller action for a given HTTP method.
So, if you're doing a 301 or 302 redirect to another page, which browsers handle by issuing a GET request to the URL in the redirect response's Location header, do it in a show action. This will allow the user's browser to cache the other page when appropriate, and to not notify the user before redirecting.
(There is a way to redirect POSTs, but you didn't mention it so I expect you're talking about regular 301/302 redirects.)
Coming from a Java background, the REST actions must be related to CRUD operations. Requests that do not change the resource like in your case where the intent is to redirect to another page must be tied to a GET verb or show in your example.
If you were to create a new resource you would use POST.
A more detailed explanation can be found in Richardson's rest maturity model level 2
In emails, the only type of action possible is to send link (GET method).
What is the correct approach to send a link that will execute a POST action in the app (Eg. accept friendship)?
I see two possible solutions:
custom GET action only used in the email (eg. /action?type=accept_friendship&user_id=10)
get to a page and execute javascript on load to execute the action (eg. what Twitter does to follow back a user from an email)
How does those solutions compare? Are there others?
Thanks
A link with a GET action is ok as long as you include a unique token in the url to confirm validity & origin of the action
Is it possible to run a request command on a set of multipartFile objects for a set of selected files that has been passed to an second action from an initial action that received them from an type file input html tag.
I can access the multipartfile object as a string in the redirected (second) action -
Such as:
form:org.springframework.web.multipart.commons.CommonsMultipartFile#35d79259
But I am unable to run a request command such as request.getFiles - also I cannot cast it as a MultipartFile.
The redirect to intentional - let me explain what I'm trying to do in more detail:
I have a file upload web page with an input form that sends the selected files (multpartFile objects) to the action. Prior to uploading the files from the client I want the user to have a web page where he adds extra data to each file prior to uploading (metadata tags). To do this I was going to redirect to another action that displays a web page with the list of the files (having transferred the params data that contain the files selected from the original web page to the redirected action) and input fields for the user to add tags. In short the redirect is intentional.
I guess the correct way to do this is using js on the original web page - just wanted to see if I could do it this way instead?
-mike
In general redirects use GET, so there's nowhere for the form body and uploaded file(s) to go. POST/UPDATE/DELETE actions make changes, and a redirect is typically an indication that something went wrong, e.g. something mild like a url changed (301/302), or something more serious like an authenticated user trying to access a page they have no permission for, or an unauthenticated user trying to access anything guarded (401/403).
You wouldn't want to pick up where you left off from a lot of scenarios that trigger a redirect (and it wouldn't be practical at all) so it's common to not attempt to do anything with form or file upload data and let the user re-do the action.
I'm recently facing the problem with last request url after login. Normally, everything works properly. But if I proceed following procedure I have troubles:
Open an App in one tab and log in
In this tab I go somewhere where AJAX request to the server are proceeded regularly
Open a new tab with the app (I'm still logged-in)
In this tab I log out
In the mean time the AJAX request from the 1st tab is proceeded automatically
with HTTP 401 (cause I've logged-out)
When I try to log in again in the 2nd tab than I receive the JSON of the AJAX request from the 1st tab because it was the last request.
I would suspect that Spring Security would neglect AJAX request for "last request url". Is it possible to set this somewhere? Or is there any good workaround to this?
Thanks,
Mateo
I don't think there is a general way to distinguish ajax requests from "regular" requests initiated by the user navigating a browser. If you can distinguish them in your application (e.g. by mapping ajax requests to specific urls that can be matched against some patterns), you could easily implement what you are looking for. (EDIT: An easier way to identify ajax requests is suggested by Sérgio in his below comment.)
The component that is responsible to perform redirection after a successful login is SavedRequestAwareAuthenticationSuccessHandler, therefore one possibile way to customize the framework's default behavior is to provide your own AuthenticationSuccessHandler, and inject it into the UsernamePasswordAuthenticationFilter. It should be possible to autowire the RequestCache in your class, and decide if you want to replay the last cached request or just ignore it in case it's known to be an ajax request.
I have a controller action that is triggered by a GET route, which under some conditions, I want to redirect to the POST route of another app on another server.
I'm aware of redirect_to "http://somewhere.com/thing_to_post_to" but there doesn't seem to be a way of specifying the http method. This intended for AJAX requests not pages, so it isn't acceptable to return a javascript to direct the browser.
Is this possible?
redirect_to uses HTTP status code to make the redirection, so it would likely be a GET, here's antoher explanation to use 307 status code
Response.Redirect with POST instead of Get?
but is not very well implemented among all browsers, so i suggest using a session variable to pass parameters among the views or something similar.