Rails noob confusion - HTML Form Post to Rails Controller?

I have recently been learning and trying to develop some application parts using Rails. One issue I may have is that one of the potential clients will want to have one of their external web pages POST to the Rails controller.

I tried the naive approach - copy the HTML generated for the Rails controller action for doing the same POST (Create of a domain object). I had this working, or so I thought until I restarted the server and the hidden field for the application authenticity_token had a value which was no longer valid.

I have looked around for various workarounds.

Is there a Rails Way to have an HTML page which is served as <app>/public/welcome.html be able to do an HTML POST to the Rails controller?

Is this simply not allowed?

Thanks.

It's allowed. I think you may need to use something like the following:

protect_from_forgery :only => [:create, …]

Hope that helps.

Hmmm.... I am not sure. What I want is to use the create (post) from outside of Rails from a page from another web app (not Rails). The front end does the sign on and other stuff and we are like an add-on. Does that make sense? Perhaps that is pure heresy and I should provide a web service and have the "front end" page call that via Ajax?

Apologies if that sounds stupid... I am assuming Rails is pretty capable for implementing web services.. except I thought I read I'd have to step up and do the forgery protection and such myself.

- John

> Hmmm.... I am not sure. What I want is to use the create (post) from outside of Rails from a page from another web app (not Rails). The front end does the sign on and other stuff and we are like an add-on. Does that make sense? Perhaps that is pure heresy and I should provide a web service and have the "front end" page call that via Ajax?

This sounds like an ideal case for a web service. Humm, it's funny that Rails 2.0 is all about making RESTful web services drop dead simple. You can do your authentication using HTTP Basic Authentication (easy and plenty secure for this need when used over SSL).

Scaffold generated code for the create method in the controller:

  # POST /people
  # POST /people.xml
  def create
    @person = Person.new(params[:person])

    respond_to do |format|
      if @person.save
        flash[:notice] = 'Person was successfully created.'
        format.html { redirect_to(@person) }
        format.xml  { render :xml => @person, :status => :created, :location => @person }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @person.errors, :status => :unprocessable_entity }
      end
    end
  end

The two lines beginning with format.xml {... are the important bits. This allows you to create new people (in this example) using a REST call. This can be done even from a command line using cURL or from anything that can send an HTTP POST request. In response you get a nice tidy XML document that you can use in the "client" application for reporting the results to the user.
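A client for the REST call described in the reply above, as an added example that is not part of the original thread. The host `app.example`, the credentials, the `name` attribute and the helper names are assumptions made for illustration; the client refuses to send Basic credentials to a non-HTTPS URL, since Basic auth is only base64-encoded.

```ruby
require 'net/http'
require 'uri'

# Build the POST /people.xml request an external front end would send.
# Returns [uri, request] so the request can be inspected before sending.
def build_create_request(base_url, user, password, attrs)
  uri = URI.join(base_url, '/people.xml')
  # Basic auth credentials are readable on the wire without TLS.
  raise ArgumentError, 'Basic auth requires https' unless uri.scheme == 'https'

  # <person><field>value</field></person> arrives as params[:person].
  fields = attrs.map do |key, value|
    "<#{key}>#{value.to_s.encode(:xml => :text)}</#{key}>" # escape &, <, >
  end
  req = Net::HTTP::Post.new(uri.request_uri)
  req['Content-Type'] = 'application/xml'
  req['Accept'] = 'application/xml'
  req.basic_auth(user, password)
  req.body = "<person>#{fields.join}</person>"
  [uri, req]
end

# Map the scaffold's two format.xml outcomes (201 and 422) to a result.
def interpret_create_response(status, location, body)
  case status.to_i
  when 201 then { :ok => true, :location => location }
  when 422 then { :ok => false, :reason => :validation, :errors_xml => body }
  when 401 then { :ok => false, :reason => :authentication }
  else { :ok => false, :reason => :unexpected, :status => status.to_i }
  end
end

# Send the request over TLS and report the outcome.
def create_person(base_url, user, password, attrs)
  uri, req = build_create_request(base_url, user, password, attrs)
  res = Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do |http|
    http.request(req)
  end
  interpret_create_response(res.code, res['Location'], res.body)
end

# Constructed sample call; it needs a reachable server, so it is left commented out:
# create_person('https://app.example', 'frontend', 'secret', :name => 'Ann')
```

The 422 branch hands back the XML error document untouched so the calling page can decide how to show validation errors to its user.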