Forum: Ruby on Rails ssl_required and form_tag

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
06fa952559609d00a12ad22d74335282?d=identicon&s=25 Fritz Anderson (fritza)
on 2008-12-11 20:31
I don't quite understand how ssl_required interacts with forms in Ruby
on Rails.

I've installed the ssl_requirement plugin, and listed one of my
form-submission actions (:assign_building) in an ssl_required
declaration. The form is shown at the end of this message.

The form includes a select_tag to collect a parameter tagged as
:building_id.

If :assign_building is listed in ssl_required, params does not include
the :building_id key. If it's not in ssl_required, :building_id is in
params.

I should mention that I have defined default_url_options to set
:protocol => "https://".

How do I ensure that my form will be submitted via SSL, and keep all its
parameters? I'm pretty sure I'm missing a concept here, but of course
I'm too ignorant to know what that concept might be.

ruby 1.8.6 (2008-03-03 patchlevel 114) [universal-darwin9.0]
Rails 1.2.6

    -- F

===
<% form_tag :controller => :people, :action => :assign_building, :id =>
@person do %>
    <% buildings = Building.find(:all, :order => 'facility_location,
building').collect { |b| [ b.building, b.id ] } -%>
    <% bldg_opts = options_for_select(buildings, @person.building_id)
-%>
    <%= select_tag :building_id, bldg_opts  %>
    <%= submit_tag "Set" %>
<% end -%>
===

Partial log when ssl_required is in effect:

Processing PeopleController#assign_building (for <an IP> at 2008-12-11
13:11:50) [GET]
  Session ID: 31c980c882ed498eaed93fcb08916d63
  Parameters: {"action"=>"assign_building", "id"=>"5",
"controller"=>"people"}
06fa952559609d00a12ad22d74335282?d=identicon&s=25 Fritz Anderson (fritza)
on 2008-12-11 21:12
Fritz Anderson wrote:
...
> The form includes a select_tag to collect a parameter tagged as
> :building_id.
>
> If :assign_building is listed in ssl_required, params does not include
> the :building_id key. If it's not in ssl_required, :building_id is in
> params.
>
> I should mention that I have defined default_url_options to set
> :protocol => "https://".
>
> How do I ensure that my form will be submitted via SSL, and keep all its
> parameters? I'm pretty sure I'm missing a concept here, but of course
> I'm too ignorant to know what that concept might be.

I added the action that presents the form to ssl_required. Form inputs
then once again appeared in the params hash.

My problem is no longer acute, but I don't quite understand why the
solution works. Is it that the form isn't presented as https, so the
form action isn't https? And the form data gets lost in the ssl_required
redirection?

I'd really appreciate it if someone could relieve my conceptual block
here.

    -- F
A91bd6cef23eb3516245a092e196c4da?d=identicon&s=25 Maurício Linhares (mauricio)
on 2008-12-11 21:15
(Received via mailing list)
On Thu, Dec 11, 2008 at 5:12 PM, Fritz Anderson
<rails-mailing-list@andreas-s.net> wrote:
> My problem is no longer acute, but I don't quite understand why the
> solution works. Is it that the form isn't presented as https, so the
> form action isn't https? And the form data gets lost in the ssl_required
> redirection?

You answered it for youself, if the form isn't shown in a SSL context,
it will not post to a SSL page unless you make the form action point
to a SSL page. And post data is lost when you are redirected.

-
Maurício Linhares
http://alinhavado.wordpress.com/ (pt-br) | http://blog.codevader.com/
(en)
This topic is locked and can not be replied to.