I know you can get parameters using params, but the thing is that it merges all parameters whether they were sent via GET or POST:
If you send a request via GET, no problem, the parameters can only be squeezed in the URL.
But if you send a POST request that has a URL like /blabla?foo=bar&foo2=bar2, is there a way to tell the difference between the variables sent via the URL and the variables sent through the actual POST method?
Yes, in your controller you can get the GET parameters using request.GET and the POST parameters with request.POST
Related
I have an old app running in rails 2.3.5
In customizing, I stuck when i find a param keyword being used in views
i.e in views I can see stuffs like
unless params[:fee_collection].nil?
can someone explain to me in what context is param keyword used in rail views rather than controllers
params is a hash that contains parameters sent with the HTTP request.
You can access to this object as well from your controller or from a view. Although, the convention is to access to an instance variable (defined in your controller, e.g : #fee_collection = params[:fee_collection]) from your view.
The params variable stores a hash which contains the http parameters received in the request to this route (controller#action)
If you have a UserController with the show method, you should receive the param[:id] to identify the resource you're looking for.
If you want to send parameters, it would be either via url in a GET or a data payload on a POST request, on the most common cases.
I'm getting a CORS POST request via OPTIONS sent to my app. It has no content-type set for the request.
It successfully gets to the right Controller action, but there is no accessible data. If I type params, there is nothing I can touch.
I did, however, discover that if I created Rack Middleware, and read the env['rack.input'], I could find all the data in the request I was looking for. So I wrote this :
env['CONTENT_TYPE'] = 'application/js'
rack_input = env['rack.input'].read
params = CGI::parse(rack_input).to_json
env['rack.input'] = StringIO.new params
env['rack.input'].rewind
status, headers, response = #app.call env
And magically, now in my controller, I can type params and see that ActionDispatcher successfully extracted the key/values from the request and make them accessible in my controller.
There's something suspicious about this. Is there are more appropriate way to extract OPTIONS requests and their respective data?
The OPTIONS call should not deal with data at all. It's a preflighted request to determine which actions are allowed using when using CORS.
RFC:
http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.7
The call will return with the allowed CORS HTTP verbs and a POST request should follow right after if POSTs are allowed on the server.
When I submit a form, a number of parameters are set without showing up in the url.
I would like to do the same thing with link_to:
<%= link_to((purchase.paid ? 'yes' : 'no'), {action: :index, hidden_id: purchase.id}) %>
produces the url 'http://localhost:3000/purchases?hidden_id=1'. I would like to link to the url 'http://localhost:3000/purchases' while still setting params[:hidden_id] so I can access it in the controller, as if I had submitted a form.
My routes.rb file is as follows:
root to: 'products#index'
resources :products
resources :purchases
match ':controller/(:action/(:id))', controller: :shop, via: [:get,:post]
In answering this, is there anything I should know here about the difference in the way these two things are handled? Is it something about get vs post requests or is there some other principle involved which I'm not grasping?
Yes, it's to do with Get vs Post requests.
A Get request can only send parameters in the URL itself. A post request can also be sent to a URL that includes parameters in the URL itself, but it can also send parameters 'under the hood' so to speak.
So if your routes were set up to allow it, you could send either a get or a post request to http://localhost:3000/purchases?hidden_id=1, but only the post request could include additional parameters under the hood.
Anything else you should know about the difference in the way these two are handled? Yes. In most web frameworks, when you see the parameters server-side, they will be split up into GET params and POST params. Rails doesn't make this distinction, and puts them both in the same params hash. (I think this is silly, but whatever).
Also, a get request can be sent simply by entering the URL in your browser and hitting enter. A post request will generally only be executed by a user submitting a form on a web page. For this reason, get requests are not meant to change any content in your database. They should be for viewing information only. So, eg, if you have a button to delete a resource (eg. a blog post or something) it should be submitted via post. (more info on that at Why shouldn't data be modified on an HTTP GET request?)
Lastly, Rails provides an option in it's link_to helper to allow you to easily make the 'link' use a post request. See the method option at http://api.rubyonrails.org/classes/ActionView/Helpers/UrlHelper.html#method-i-link_to. This basically uses javascript to prevent the normal action of clicking the link (which would be a get request), and submit a post request instead.
i am trying to post using postman to a rails api that i made, the actual request goes in and creates an entry, but nothing but the ID gets recorded. attached are the files for that.
You need to pass the post params and not just the id into the list.new call and make sure you're sending up the correctly namespaced values in the post request.
Step 1.
In create you need to do
#list = List.new(list_params)
Step 2.
Postman needs to be putting all the params into the list[] namespace
ie. list[title] rather than just title.
I have a ruby on rails api where I want to sign my request data by appending a hashed version of all passed in parameters to the request and rebuild this one at the server side as well to validate the integrity of the requests.
When I simply use the params method in the controller I have different parameters (e.g. for an update-method which is specified by this:
put 'login' => 'login#update'
I get as parameters on the server:
{"timestamp"=>"1399562324118", "secured"=>"xxx",
"login"=>{"timestamp"=>"1399562324118", "secured"=>"xxx"}}
although I only send the request from the client with
{"timestamp"=>"1399562324118", "secured"=>"xxx"}
Does any one have an idea how to get rid of this "login" parameter in the params list in a generic way? I do not want to exclude this for every single request of my api.
Thanks a lot!
Per the Rails Edge guide on ActionController:
"If you've turned on config.wrap_parameters in your initializer or calling wrap_parameters in your controller, you can safely omit the root element in the JSON parameter"
See http://guides.rubyonrails.org/action_controller_overview.html#json-parameters