Develop Reference

The action path of a form in Rails

The explanation below is big, but the question is really simple.
I'm doing a simple form project in https://www.theodinproject.com/paths/full-stack-ruby-on-rails/courses/ruby-on-rails/lessons/forms.
The first part where I am, I need to build a form manually - so that I can see how Rails does a lot for me when I use its helper methods.
I'm stuck in this point:
Specify the method and the action attributes in your tag (use $ rails routes to see which HTTP method and path are being expected based on the resource you created).
The routes.rb file looks like this:
resources :users, only: [:create, :new]
I don't know how to determine which method should I use for the form - post or get.
I don't know how to determine which action path I should use.
I've gone into the internet, Rails guides and etc, and have solved the other topics so far, but for this one I can't get through it.
My form so far:
<form action='/create' method="post" accept-charset="UTF-8">
<label for="username"></label>
<input type="text" id="username" name="username"><br>
<label for="email"></label>
<input type="text" id="email" name="email"><br>
<label for="password"></label>
<input type="text" id="password" name="password"><br>
<input type="submit" id="submit" value="Submit" >
</form>
Once I run it in the server and then submit the form - which I did - I should get:
"Submit your form and view the server output. Oops, we don’t have the right CSRF authenticity token (ActionController::InvalidAuthenticityToken) to protect against cross site scripting attacks and form hijacking. If you do not get an error, you used the wrong method from step 1."

Yes, Rails is smart) When u are sending the request to your server, Rails must know from where this request is coming. In short, if your form sending the CSRF token then Rails understand that u send this request, otherwise someone else on your behalf (CSRF attack).
To fix this bug u need to set <%= form_authenticity_token %> in your .erb view. It will generate this input that is below
<input type="hidden" name="authenticity_token" value="your_token_generate_by_rails">
Or for your testing purposes, u can use this in your controller which is processing your request. But never use it in future if you are don't know what are u doing)
skip_before_action :verify_authenticity_token

Hi there fellow Odin student!
It looks like you're doing this lesson. Me too!
It sounds like you're asking about what value to use with action attribute in the form.
When I created a form using the Rails formHelper methods, I inspected the HTML that Rails created when I was previewing the app/website (rails s). By opening up the Developer tools (F12 key, or right click the mouse and choose inspect)I was able to see that the form Rails created had an action equal to the name of the resource, with a forward slash in front of it.
So for your example, the resource created is "users". So the action attribute would be /users
to be complete, the solution would be something like: <form action="/users"...
Hope this helps!

how do I use curl to test my Rails controller create action.. or can I use rspec?

Please bear with me as the Rails guide chooses to not even mention the create action in their API section. My goal is to build a RESTFUL API from which content can be created. Here is what the form looks like after $ curl myapp
<form class="new_blog" id="new_blog" action="/blog" accept-charset="UTF-8" data-remote="true" method="post"><input name="utf8" type="hidden" value="✓" />
<label for="blog_input">Input a String</label>
<textarea class="input-field" name="blog[input]" id="blog_input">
</textarea>
<input type="submit" name="commit" value="Create Blog" />
</form>
I want to POST content through curl... or... can I test this somehow through Rspec?
The goal is that I have a RESTFUL API that allows content to be created through HTTP requests and then gives an HTTP response.

You can use Ruby HTTP Cheat Sheet and create various type of requests directly from Ruby, no need to go to curl for that.

Post a form in the remote url

I have an URL. There is a form in that URL and I know it's name and the form action.
E.g:
url:
www.abc.com/123.html
form:
<form action="POST.php" method="post" name="form">
<input id="id" name="name" type="text">
</form>
My question is how do I post this form and get the response? I have tried several answers but they didn't work well. Any programming language is fine.

this can be done in PHP.
see this Submitting form to remote server.

ActiveModel and path helpers

In a Rails3 app, I want to use resourceful paths for an ActiveModel EntityImage representing image file uploads. In some directory I have these files dir/#{type}/#{id}/#{size}.jpg (which are basically all important fields of that class)
Now, probably, because 'id' is a bad name rails wise (it is not domain wise), when I want to make a delete button, I get a form pointing to:
<form class="button_to" action="/entity_images/test2" method="post">
<div>
<input type="hidden" value="delete" name="_method"/>
<input type="submit" value="Excluir" data-confirm="Certeza?"/>
<input type="hidden" value="4SWGCEfvdrWrj7xBBtlT0CR4EHPzXQaCFWF0/blmKCk=" name="authenticity_token"/>
</div>
</form>
Of course, with this info, I cannot get to my image, I still need to know the type of the entity and the size. How could I make the path helpers do the right thing? Or any other idea, suggestion?

Ok, so I joined the id property from (now) name, type and size and can split that and reconstruct these values

How can I emulate PUT/DELETE for Rails and GWT?

I would like to make my application somewhat REST compliant. I am using Rails on the backend and GWT on the frontend. I would like to do updates and deletes. I realize I can do something like mydomain.com/:id/delete (GET) and accomplish the same thing. However, as I stated previously, I would like to have a REST compliant backend. Thus, I want to do mydomain.com/:id (DELETE) and have it implicitly call my delete method.
Now, it's my understanding that if a browser (my browser is GWT RequestBuilder) doesn't support DELETE/GET, Rails somehow accomplishes this task with a POST and some other url parameter. So, how can I accomplish this with a GWT RequestBuilder?

Rails does this with hidden attributes. The easiest way to figure this out would be to create a new rails application, generate a scaffold and have a look at the HTML in a browser.
Try this:
rails jp
cd jp
./script/generate scaffold RequestBuilder name:string
rake db:migrate
./script/server
Then navigate to http://localhost:3000/request_builders, click on New and have a look at the HTML. You'll see something like:
<form action="/request_builders" class="new_request_builder"
id="new_request_builder" method="post">
<div style="margin:0;padding:0">
<input name="authenticity_token" type="hidden" value="e76..." />
</div>
This is a creation, method is POST. Enter a name, save then Edit:
<form action="/request_builders/1" class="edit_request_builder"
id="edit_request_builder_1" method="post">
<div style="margin:0;padding:0">
<input name="_method" type="hidden" value="put" />
<input name="authenticity_token" type="hidden" value="e76..." />
</div>
Of course the form is sent with POST, but Rails hads a hidden field to simulate a PUT request. Same for deletion, but the scaffold will do it with a bit of Javascript:
var m = document.createElement('input');
m.setAttribute('type', 'hidden');
m.setAttribute('name', '_method');
m.setAttribute('value', 'delete');
To have this work with another front-end, you'll have to both:
Use the same style URL such as /request_builders/1 (RESTful URLs)
Include the hidden fields (Rails trick)

Like #skrat said, the _method=PUT workaround doesn't work for any kind of body where Content-Type is not x-www-form-urlencoded, e.g. XML or JSON. Luckily, there is a header workaround as well:
https://zcox.wordpress.com/2009/06/17/override-the-http-request-method-in-jersey/
So to update a REST resource, just do a POST to its address and add the header X-HTTP-Method-Override: PUT. Rails will interpret this as a PUT to the address.