Using brackets in cookie names (Rails) - ruby-on-rails

When attempting to write/read cookies that have brackets in the name, it seems like Rails can't handle this. For example:
cookies["example[]"] = "value"
This causes the cookie name to be "example%5B%5D" instead of "example[]". Similarly, if I already have a cookie set with the name "example[]", then it seems like Rails is unable to properly delete it via a call to cookies.delete "example[]", since the [ and ] characters are being encoded.
Anyone know how to fix this?

The RFC does not specify what all can be in the name of a cookie. All it says is that the name needs to be text. I guess Rails is encoding the text and hence the brackets are becoming %5B%5D. I think it's best to avoid such characters in cookies.

Looks like this can only be done by hacking the Rails core. Sucks that the Rails developers implemented it this way.

Related

Ruby On Rails - Use "Format" As A URL GET Parameter?

I have a search page where I update the URL params on the page as filters are added or removed by the user. This allows me to deep link into the page (i.e. going to /search?location=new+york&time=afternoon will set the location and afternoon filters).
I also have a filter named format. I noticed that passing ?format=whatevervalue in the URL and then reloading the page with that param causes Rails to return a Completed 406 Not Acceptable error. It seems that format is a reserved Rails URL parameter.
Is there any way to unreserve this parameter name for a particular endpoint?
In the context of a URL in Ruby on Rails there are at least four reserved parameter names: controller, method, id, format.
You cannot use these keys for anything other than their intended purpose.
If you try to, you will override the value internally set by Rails. In your example, by setting ?format=whatevervalue you override the default format (html) and your application will try to find and render a whatevervalue template instead of the html-formatted template. This will obviously not work.
Fun fact: Instead of using the default Rails path format like /users/123/edit you could use query parameters instead, like this: /?controller=users&id=123&method=edit&format=html.
My suggestion is: Do not try to fight Rails conventions. Whenever you try to work around basic Rails conventions it will hurt you later on, because it makes updates more difficult, common gems might break, and unexpected side effects will happen. Just use another name for that parameter.

Grails: Override reserved word in a controller?

I am currently working on a Grails solution and I am looking to pass a URL using WSLite. I basically want to pass a bunch of query params and have them fired off. One of the params I need to have is session.name; I need this exactly like this, as a 3rd party system can only read data as "session.WHATEVER". However, when I enter the data below it has a problem with the "session." as it appears that session is a reserved word in Grails. Is there any way I can get Grails not to pick up the reserved word and just use session.name? Maybe by some sort of override?
def response = client.get(path:'/TestingService', query:[code:testCode, session.name: name])
Thanks
Use quotes:
query:[code:testCode, 'session.name': name]

Encoding issue when storing a cookie with quotes

I need to create a cookie containing double quotes.
cookies[:mycookie] = '"contentofmycookie"'
But then my cookie actually contains:
%22contentofmycookie%22
I've seen that Rails encodes cookie values; maybe I should avoid this by overriding something, but I don't know what. I'm using Rails 3.2.3.
Edit:
I need my cookie to contain double quotes to get it recognized by another application. This other application is not a Rails application and uses a cookie with quotes inside.
Thanks for your help!
You need to unescape your cookie when you extract it.
require 'cgi'
print CGI.unescape cookies[:mycookie]
#=> "contentofmycookie"

What is the proper way to sanitize user input when using a Ruby system call?

I have a Ruby on Rails Application that is using the X virtual framebuffer along with another program to grab images from the web. I have structured my command as shown below:
xvfb-run --server-args="-screen 0 1024x768x24" /my/c++/app #{user_provided_url}
What is the best way to make this call in rails with the maximum amount of safety from user input?
You probably don't need to sanitize this input in rails. If it's a URL and it's in a string format then it already has properly escaped characters to be passed as a URL to a Net::HTTP call. That said, you could write a regular expression to check that the URL looks valid. You could also do the following to make sure that the URL is parse-able:
uri = URI.parse(user_provided_url)
You can then query the object for its relevant parts:
uri.path
uri.host
uri.port
Maybe I'm wrong, but why don't you just make sure that the string given is really a URL (URI::parse), surround it with single quotes and escape any single quote (') character that appears inside?
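As an added example (not code from the original question or either answer) of passing the user-supplied URL to that command without letting a shell interpret it: the value is checked with URI.parse, the command is built as an argv array so that Ruby execs it directly instead of through sh, and Shellwords is shown for the case where a single shell string is unavoidable. The program path /my/c++/app and the xvfb-run arguments are taken from the question; validate_url, capture_command, run_capture and shell_line are names made up for this example, and the hostile URL is constructed input.

```ruby
require "uri"
require "open3"
require "shellwords"

# Accept only absolute http(s) URLs with a host. URI.parse rejects whitespace
# and other characters that are illegal in a URI, but sub-delims such as
# "$", "(", ")" and ";" are legal in a path, so this check alone does NOT
# make the value safe to splice into a shell command line.
def validate_url(raw)
  uri = URI.parse(raw.to_s.strip)
  unless uri.is_a?(URI::HTTP) && uri.host && !uri.host.empty?
    raise ArgumentError, "not an http(s) URL: #{raw.inspect}"
  end
  uri.to_s
rescue URI::InvalidURIError => e
  raise ArgumentError, "unparseable URL: #{e.message}"
end

# Build the command from the question as an argv array. Each element is one
# argument: the whole "-screen 0 1024x768x24" string reaches xvfb-run as the
# value of --server-args, and the URL is a single argument whatever it
# contains. (/my/c++/app is the path from the question; assumed to exist.)
def capture_command(url, app: "/my/c++/app")
  ["xvfb-run", "--server-args=-screen 0 1024x768x24", app, validate_url(url)]
end

# Run an argv array. With more than one element, Ruby spawns the program
# directly (no /bin/sh), so "$(...)", ";" or backticks inside the URL are
# passed through literally instead of being executed.
def run_capture(argv)
  out, status = Open3.capture2(*argv)
  [out, status.success?]
end

# Only if a single shell string is unavoidable (e.g. "ssh host cmd"):
# Shellwords.shelljoin backslash-escapes every shell metacharacter.
def shell_line(argv)
  Shellwords.shelljoin(argv)
end

if __FILE__ == $PROGRAM_NAME
  url = "http://example.com/$(id)"       # constructed hostile input
  p capture_command(url)
  out, ok = run_capture(["echo", url])   # echo stands in for xvfb-run here
  puts "argv form printed literally: #{out.strip} (ok=#{ok})"
  puts "escaped shell string: #{shell_line(['echo', url])}"
end
```

Note that "http://example.com/$(id)" passes URI.parse, so URL validation is a filter on shape, not a substitute for keeping the shell out of the loop; the argv form is what prevents command injection.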

Encrypt/Decrypt String

I have a simple problem for that I'd like to hear your thoughts:
I have this URL in Rails http://example.com/hosts/show/somehost
I'm getting the 'somehost' part via params[:id]. I'm calling URI.encode on 'somehost' but this does not encode '.' characters. Rails won't recognize ID parts with points in them, so I tried to replace the points with '%2E'. That works, but Firefox (and I guess other browsers too) changes the '%2E' back to points right after the request. This makes copy&paste impossible and will lead to a lot of problems.
I'd like to encrypt and decrypt the 'somehost' part in a URL-safe way. Any suggestions? I can't call by a numeric primary key because of the underlying architecture. I have to look up by name.
Thank you all very much!
You could use base64 encoding, but it would be better to fix the actual problem you are having. This issue is described here. You need to set a :requirements key in your routes file with a regex that includes the dot.
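An added example (not code from the original question or answer) of the two options the answer gives: a route pattern that lets the :id segment contain dots, plus the URL-safe Base64 fallback with validation of the decoded value. The routes.rb line in the comment is the modern constraints: spelling of the :requirements key and is an assumption about how the route is declared; ROUTE_ID, HOST_NAME, valid_host_name?, encode_host_id and decode_host_id are names invented for this example, and the sample host name is constructed.

```ruby
require "base64"

# Rails' default :id segment pattern stops at ".", so /hosts/show/somehost.example.com
# is split into :id => "somehost" and :format => "example.com". The fix is a
# constraint that lets the segment contain dots. Rails rejects anchors (\A, \z,
# ^, $) in route constraints, so the route gets an unanchored character class
# (assumed config/routes.rb line, not from the original post):
#   get "hosts/show/:id", to: "hosts#show", constraints: { id: ROUTE_ID }
# (the older router spells this :requirements => { :id => ROUTE_ID }).
ROUTE_ID = /[a-z0-9][a-z0-9.-]*/i

# The unanchored route pattern is a routing decision, not input validation:
# in the controller, check the full value against an anchored host-name
# grammar before using it in a lookup. \A..\z rather than ^..$, so a value
# with an embedded newline cannot sneak a second "line" past the check.
HOST_NAME = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*\z/i

def valid_host_name?(value)
  value.is_a?(String) && value.length <= 253 && !!(HOST_NAME =~ value)
end

# The alternative the answer mentions: URL-safe Base64 keeps "." (and "/")
# out of the path segment. It is an encoding, not encryption: anyone can
# decode and forge it, so the decoded value must still be validated.
def encode_host_id(host)
  raise ArgumentError, "not a host name: #{host.inspect}" unless valid_host_name?(host)
  Base64.urlsafe_encode64(host, padding: false)
end

def decode_host_id(token)
  host = Base64.urlsafe_decode64(token.to_s)   # raises ArgumentError on bad Base64
  raise ArgumentError, "decoded id is not a host name" unless valid_host_name?(host)
  host
end

if __FILE__ == $PROGRAM_NAME
  host = "somehost.example.com"                  # constructed sample id
  token = encode_host_id(host)
  puts "route match: #{host[ROUTE_ID].inspect}"  # whole name, dots included
  puts "#{host} -> #{token} -> #{decode_host_id(token)}"
end
```

With the route constraint in place the plain name works in the path and stays readable when copied; the Base64 token is only worth it if some other component insists on a dot-free segment, and even then the controller should treat the decoded string as untrusted input.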
