Rails noob confusion - HTML Form Post to Rails Controller?

Jferg (Guest)
on 2008-12-09 09:34
(Received via mailing list)
I have recently been learning and trying to develop some application
parts using Rails.  One issue I may have is that one of the potential
clients will want to have one of their external web pages POST to the
Rails controller.

I tried the naive approach - copy the HTML generated for the Rails
controller action for doing the same POST (Create of a domain
object).  I had this working, or so I thought until I restarted the
server and the hidden field for the application authenticity_token had
a value which was no longer valid.

I have looked around for various workarounds.

Is there a Rails Way to have an HTML page which is served as <app>/
public/welcome.html be able to do an HTML POST to the Rails
controller?

Is this simply not allowed?

Thanks.
James Englert (Guest)
on 2008-12-09 15:12
(Received via mailing list)
It's allowed. I think you may need to use something like the following:

protect_from_forgery :only => [:create, ...]

Hope that helps.
Jferg (Guest)
on 2008-12-10 04:15
(Received via mailing list)
Hmmm.... I am not sure.  What I want is to use the create (post) from
outside of Rails from a page from another web app (not Rails).  The
front end does the sign on and other stuff and we are like an add-on.
Does that make sense?  Perhaps that is pure heresy and I should
provide a web service and have the "front end" page call that via
Ajax?

Apologies if that sounds stupid... I am assuming Rails is pretty
capable for implementing web services.. except I thought I read I'd
have to step up and do the forgery protection and such myself.

- John
Robert Walker (robert4723)
on 2008-12-11 06:47
> Hmmm.... I am not sure.  What I want is to use the create (post) from
> outside of Rails from a page from another web app (not Rails).  The
> front end does the sign on and other stuff and we are like an add-on.
> Does that make sense?  Perhaps that is pure heresy and I should
> provide a web service and have the "front end" page call that via
> Ajax?
This sounds like an ideal case for a web service. Humm, it's funny that
Rails 2.0 is all about making RESTful web services drop dead simple. You
can do your authentication using HTTP Basic Authentication (easy and
plenty secure for this need when used over SSL).

Scaffold generated code for the create method in the controller:

  # POST /people
  # POST /people.xml
  def create
    @person = Person.new(params[:person])

    respond_to do |format|
      if @person.save
        flash[:notice] = 'Person was successfully created.'
        format.html { redirect_to(@person) }
        format.xml  { render :xml => @person, :status => :created, :location => @person }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @person.errors, :status => :unprocessable_entity }
      end
    end
  end

The two lines beginning with format.xml {... are the important bits.
This allows you to create new people (in this example) using a REST
call. This can be done even from a command line using cURL or from
anything that can send an HTTP POST request. In response you get a nice
tidy XML document that you can use in the "client" application for
reporting the results to the user.
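
As an added illustration that is not part of the thread: both sides of the REST call described in the post above, in plain Ruby. The client builds the `POST /people.xml` request with HTTP Basic credentials and refuses to do so over plain HTTP, and a server-side helper checks the `Authorization` header. The host `addon.example`, the credentials and the `name` attribute of `Person` are assumptions made for the example.

```ruby
require 'net/http'
require 'openssl'
require 'uri'

# Constructed sample credentials (assumptions, not values from the thread).
API_USER = 'frontend'
API_PASS = 'constructed-sample-secret'

XML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;' }.freeze

# Client side: build the request an external (non-Rails) app would send.
# Basic auth only base64-encodes the password, so plain HTTP is refused.
def build_create_request(base_url, name, user, pass)
  uri = URI.join(base_url, '/people.xml')
  raise ArgumentError, 'Basic auth requires HTTPS' unless uri.scheme == 'https'

  req = Net::HTTP::Post.new(uri)
  req.basic_auth(user, pass)
  req['Content-Type'] = 'application/xml'
  req['Accept'] = 'application/xml'
  # Escape user-supplied text so it cannot inject extra XML elements.
  req.body = "<person><name>#{name.gsub(/[&<>"]/, XML_ESCAPES)}</name></person>"
  req
end

# Server side: true only if the Authorization header carries the expected
# Basic credentials. Comparisons are constant-time and both always run.
def basic_auth_ok?(header, user, pass)
  scheme, encoded = header.to_s.split(' ', 2)
  return false unless scheme&.casecmp?('Basic') && encoded

  given_user, given_pass = encoded.unpack1('m').split(':', 2)
  return false if given_pass.nil?

  user_ok = OpenSSL.secure_compare(given_user, user.b)
  pass_ok = OpenSSL.secure_compare(given_pass, pass.b)
  user_ok & pass_ok
end
```

Because the caller authenticates with a header it sets explicitly rather than with a browser session cookie, this request does not depend on the per-session `authenticity_token` that went stale in the original question.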