i did some google to know about url encoding but, i didn't found any exact solution for my problem so i am posting it here.
I need to encode each and every request for my entire rails applications. the reason for this is i am passing some id in the url which needs to be encrypted for the user.
i couldn't get any Gems or common library for that. please guide me with your solution or direct me to the right path.
resource that i feel similar through:
url encode equivalent in ruby on rails
Related
In my rails application, I have search functionality. A user may directly enter a search string in the URL. If the user enters a search string as '%', the URL becomes:
http://localhost:3000/search/%
and that produces Bad Request error. Is there any option to encode the URL at runtime?
The question you're asking wouldn't actually solve the problem you're describing. Yes, Rails can encode a URL at runtime, in fact it encodes many URLs at runtime in its normal operation.
But, that won't help you, basically what's happening is that when your users create a URL with a % in it, they're actually creating an invalid URL - not just for Rails, but for any web server, or web application server or framework.
If you look closely at the error that you get returned in the browser, it's not even from Rails, it's from WEBrick (or whatever httpd you're using), same with the error that will be logged to your logs, it's not a normal Rails error in the Routing or elsewhere.
The upshot of all this is that no, you can't handle this in Rails because in many cases it won't even get through to Rails, and it's just a totally invalid URL.
Some PHP MVC has the index.php for the front controller. Now, my question is, putting a slash / and action after the document index.php makes it a valid URL? Also, does /action?var=val means that action is a file, not a directory? I'm really confused if I'll follow such URL format.
Thanks in advance!
It is a valid URL. In fact, with URL rewriting, pretty much anything can be a valid URL.
People often use the index.php/controller/action fallback if they can't rewrite the URL. It still works and they can access the URL used within PHP to still process it.
I want to grant users access to my API (hosted on heroku.com) from their sites.
But a strange problem occurs, when i want them to allow to post to the api:
Data sent from an correct form with the correct action-url (e.g. "http://myapp.com/projects/123/tasks/321/todos") - the params get serialized and send via jQuery - i encounter an "ActionController::MethodNotAllowed" with the additional info: "Only get and post requests are allowed", that re-routes to ApplicationController#index with :method => :options.
Rails doesnt extract the params for project_id (123) and task_id (321) from the url, neither are any further request_parameters, path_parameters or query_parameters available.
This behaviour occurs, when I POST from external sites, but doesn't occur, when posting from an html-page on my local machine. My first thought was about wrong encoding, but how to fix that problem.
Edit:
I am using authlogic (not devise :-D) and for the :create action the protect_from_forgery is already skipped.
Any suggestions appreciated
i guess that happens because rails tries to protect your form CSRF attacks.
you can comment out the protect_from_forgery line in your ApplicationController to test it.
but im not sure if thats the right way of dealing with this issue in the production environment.
Okay. I'll try and answer the right question this time (see other comment).
So I've thought about this, and I'm wondering, is this a case of the jQuery call attempting a PUT request? When you use the local form Rails will POST the data, but add the extra _method field to emulate a PUT.
Don't know if you are using jquery-rails, but this takes care of setting the _method parameter, and the PUT/POST verb translation for you in your AJAX calls.
The problem occured due to the cross domain policy - the request was made from another domain - and because I was using a recent browser that supports CORS, it was sending an OPTIONS-request first to get known from the server, which actions are allowed for this domain.
I'd like my users to be able to use Google Translate with my Rails apps. I have forms and login for the app. I keep getting the Rails InvalidAuthenticityToken when using the app through Google Translate.
Any insights on how i can get both to work? I am using Rails 2.5.x.
Thank you!
PS: To clarify, this the authenticity token works fine without going through Google Translate. I suspect it's something to do with the domain?
This is a feature of rails that prevents cross site scripting attacks. It really depends what you are doing but what you need to do is pass this secret that rails passes in every params hash. Check you log file or server or debug your params and you will see this. It is a really long code.
This code is generate in your environment.rb file so whenever you pass params to your application you need to include this file.
It's much harder than you'd think:
http://wiki.developers.facebook.com/index.php/Photos.upload
The tricky part is how to create the MIME multi-part message in Rails, which Facebook requires. I'm also using a Ruby Facebook API gem (mini_fb) which signs my other requests, and in addition to having no idea how to set up the MIME multi-part, even if I did I'm not sure how to add in the required signature values with the gem.
Please help!
Why not just use Facebooker? Or even if you have some reason not to you can reverse engineer the upload photo method.