Why can't I hide passed parameters?

I don’t want to reveal ‘agreed_to_disclaimer_at’ to users. What am I
doing wrong?

<%= link_to (‘Continue’, { :controller => ‘people’,
:action => ‘new’,
:post => true,
:agreed_to_disclaimer_at => Time.now},
:confirm => ‘I agree to terms.’) %>

<%= link_to (‘Continue’, { :controller => ‘people’,
:action => ‘new’,
:method => ‘post’,
:agreed_to_disclaimer_at => Time.now},
:confirm => ‘I agree to terms.’) %>

BOTH return URLs of:

http://localhost:3000/people/new?post=true&agreed_to_disclaimer_at=Sat+Nov+18+19%3A49%3A49+-0500+2006

You could always use a button_to and POST it to the server.

Ah I see you are trying to POST it - move the :post option outside of
the url_for hash.

<%= link_to (‘Continue’, { :controller => ‘people’,
:action => ‘new’,
:agreed_to_disclaimer_at => Time.now},
:confirm => ‘I agree to terms.’,
:post => true, ) %>

unknown wrote:

Ah I see you are trying to POST it - move the :post option outside of
the url_for hash.

That makes sense. But I moved it an it still doesn’t work. Wierd, huh?

<%= link_to (‘Continue’, { :controller => ‘people’,
:action => ‘new’,
:agreed_to_disclaimer_at => Time.now},
:post => true,
:confirm => ‘I agree to terms.’) %>

returns:
http://localhost:3000/people/new?agreed_to_disclaimer_at=Sat+Nov+18+20%3A20%3A20+-0500+2006

Taylor S. wrote:

unknown wrote:

Ah I see you are trying to POST it - move the :post option outside of
the url_for hash.

That makes sense. But I moved it an it still doesn’t work. Wierd, huh?

<%= link_to (‘Continue’, { :controller => ‘people’,
:action => ‘new’,
:agreed_to_disclaimer_at => Time.now},
:post => true,
:confirm => ‘I agree to terms.’) %>

returns:
http://localhost:3000/people/new?agreed_to_disclaimer_at=Sat+Nov+18+20%3A20%3A20+-0500+2006

that first hash is sent to url_for and url_for has no idea this is meant
as a post request. As always, if you want to post invisible data, use a
form.

<%= form_tag :controller => ‘people’, :action => ‘new’ %>
<%= hidden_field ‘person’, ‘agreed_to_disclaimer_at’, Time.now %>
<%= submit_tag ‘Continue’ %>

that first hash is sent to url_for and url_for has no idea this is meant
as a post request. As always, if you want to post invisible data, use a
form.

<%= form_tag :controller => ‘people’, :action => ‘new’ %>
<%= hidden_field ‘person’, ‘agreed_to_disclaimer_at’, Time.now %>
<%= submit_tag ‘Continue’ %>

I see. Thanks for our help. I guess :method => ‘post’ is just for
grabbing data and not obscuring parameters. Unfortunately,
ActionController gives me an exception with the new code:

‘undefined method `delete’ for Sun Nov 19 01:37:11 -0500 2006:Time’

I’ve read the documentation and assume it is creating some kind of
object but why would it be trying to call a ‘delete’ method?

Try:

<%= link_to (‘Continue’, { :controller => ‘people’,
:action => ‘new’,
:agreed_to_disclaimer_at => Time.now},
{:confirm => ‘I agree to terms.’,
:method => ‘post’}) %>

Vish