Aaron said the following on 02/16/2007 01:03 AM:
Does that mean a redirect_to() doesn’t actually go out to the client browser
and back again?
redirect_to() DOES go back to the browser and redirect it to a new
page. However, render() does not.
In that case does redirect_to() interact with the routes.rb ?
Yes, redirect_to() is routed just like any other request.
Ah.
That was what was making a mess of my error handling.
I had, as I mentioned in an earlier post, tried an “Oops” handler so
that it
could handle a vast number of partials & views for the various error
conditions and have a “method_missing” for the ones I hadn’t got around
to
doing a specific view for.
But without some line in the routes.rb is won’t work.
OBTW: I’m using routes.rb as a security tool - sort-of - by limiting the
legal routes and format of the parameters. I’m strenuously trying to
avoid
‘leaking’ information about internals - names of controls, actions - so
that
hackers cant try, for example, stepping through ID numbers.
So am I better with
if cando = false
redirect_to( :controller => Oops,
:action => ‘accessdenied’,
:type => ‘alarm’,
:message => ‘no_permission_to_view’,
:return_to => saved_url,
)
else
…
end
or with
if cando false
render(:template => “oops/accessdenied”
:type => ‘alarm’,
:message => ‘no_permission_to_view’,
:return_to => saved_url,
)
…
Hmm. Perhaps I need to find another way to do the hadnling of the
‘saved_url’.
Advice?
–
Any sufficiently advanced technology is indistinguishable from magic.
– Arthur C. Clarke