I am currently using a link_to helper in View to pass parameters like title , author ,image_url and isbn back to controller
我目前在View中使用link_to帮助程序将title,author,image_url和isbn等参数传递给控制器
<%= link_to 'Sell this item',new_item_path(:title => title, :author => authors, :image_url=>image, :image_url_s=>image_s, :isbn=>isbn, :isbn13=>isbn13 ) %>
Controller will then assign the parameters to an object to be used by a form in View later(in new.html.erb)
然后,Controller将参数分配给稍后在View中的表单使用的对象(在new.html.erb中)
def new
@item = Item.new
@item.title = params[:title]
@item.author = params[:author]
@item.image_url = params[:image_url]
@item.image_url_s = params[:image_url_s]
@item.isbn = params[:isbn]
@item.isbn13 = params[:isbn13]
respond_to do |format|
format.html # new.html.erb
format.xml { render :xml => @item }
end
end
new.html.erb will then be called. This is all working fine but the url shows all the parameters
然后将调用new.html.erb。这一切都正常,但网址显示所有参数
http://localhost:3000/items/new?author=Michael+Harvey&image_url=http://ecx.images-amazon.com/images/I/51vt1uVjvLL._SL160_.jpg&image_url_s=http://ecx.images-amazon.com/images/I/51vt1uVjvLL._SL75_.jpg&isbn13=9780307272508&isbn=0307272508&title=The+Third+Rail
Is there any way I can make the parameters not show up on the URL?
有什么办法可以让参数不显示在URL上吗?
4 个解决方案
#1
7
Maybe you could encode the parameters and decode them in the controller to deter users who may want to modify the url? Might be overkill but...
也许您可以编码参数并在控制器中解码它们以阻止可能想要修改网址的用户?可能有点矫枉过正,但......
>> author=ActiveSupport::Base64.encode64("author=jim")
=> "YXV0aG9yPWppbQ==\n"
>> ActiveSupport::Base64.decode64(author)
=> "author=jim"
#2
4
A POST can be used to move the parameters out of the URL and into the request, but this is not the "correct" or best practice. HTTP standards are such that non-GET requests are meant to be used only for requests that change state on the server. This is why you get a warning when you refresh a page that was generated in response to a POST.
POST可用于将参数移出URL并进入请求,但这不是“正确”或最佳做法。 HTTP标准使得非GET请求仅用于在服务器上更改状态的请求。这就是您刷新响应POST时生成的页面时收到警告的原因。
There is nothing wrong with having parameters in the URL. So much focus should not be made on what appears to the URL bar, let alone what's after the ?. If however you have some need (i.e. insistence of a client) to remove them, you have several options, two of which John mentions.
在URL中使用参数没有任何问题。不应该关注URL栏上显示的内容,更不用说后面的内容了。但是,如果你有一些需要(即坚持客户)去除它们,你有几种选择,其中两种是John提到的。
I'm assuming your "new" action is REST-style, in that it's generating a form that would have to be submitted to change state on the server. Therefore your options might be:
我假设您的“新”操作是REST风格,因为它生成的表单必须提交到服务器上的更改状态。因此,您的选择可能是:
- Use POST, even though it's not standard compliant. Not recommended.
- 使用POST,即使它不符合标准。不建议。
- Use AJAX GET. This requires javascript, and ajax handling does add requirements such as the use of a JS framework and testing.
- 使用AJAX GET。这需要javascript,并且ajax处理确实增加了诸如使用JS框架和测试之类的要求。
- Use GET (or POST), but capture the parameters and store them, the redirect the user back to another clean URL that displays those stored value. You could store those in the session hash, or create a database record of them. Actually you really should use POST in this case, since you are effectively changing state on the server by storing those parameters. In this case, if the user refreshes the page he is directed to, those parameters will be preserved. This effectively removes the browser warning on refresh, something I can certainly appreciate.
- 使用GET(或POST),但捕获参数并存储它们,将用户重定向回另一个显示这些存储值的干净URL。您可以将它们存储在会话哈希中,或者创建它们的数据库记录。实际上你应该在这种情况下使用POST,因为你通过存储这些参数有效地改变了服务器上的状态。在这种情况下,如果用户刷新他被引导到的页面,那么将保留这些参数。这有效地消除了刷新时的浏览器警告,我当然可以理解。
#3
2
There are two options that I can see and both involve JavaScript:
我可以看到两个选项,都涉及JavaScript:
- Have the link populate hidden form fields for the parameters and then submit the form using an HTTP POST request
- 让链接填充参数的隐藏表单字段,然后使用HTTP POST请求提交表单
- Have the link submit an AJAX request to the controller action (using an HTTP GET unless clicking the link changes server-side state, in which case a POST should be used)
- 让链接向控制器操作提交AJAX请求(使用HTTP GET,除非单击链接更改服务器端状态,在这种情况下应使用POST)
I think I would go with the second approach.
我想我会采用第二种方法。
#4
0
Why not write them to the session? It looks like you might have less than 4k in data there. Just remember to wipe it.
为什么不把它们写入会话?看起来你的数据可能不到4k。只记得擦拭它。
#1
7
Maybe you could encode the parameters and decode them in the controller to deter users who may want to modify the url? Might be overkill but...
也许您可以编码参数并在控制器中解码它们以阻止可能想要修改网址的用户?可能有点矫枉过正,但......
>> author=ActiveSupport::Base64.encode64("author=jim")
=> "YXV0aG9yPWppbQ==\n"
>> ActiveSupport::Base64.decode64(author)
=> "author=jim"
#2
4
A POST can be used to move the parameters out of the URL and into the request, but this is not the "correct" or best practice. HTTP standards are such that non-GET requests are meant to be used only for requests that change state on the server. This is why you get a warning when you refresh a page that was generated in response to a POST.
POST可用于将参数移出URL并进入请求,但这不是“正确”或最佳做法。 HTTP标准使得非GET请求仅用于在服务器上更改状态的请求。这就是您刷新响应POST时生成的页面时收到警告的原因。
There is nothing wrong with having parameters in the URL. So much focus should not be made on what appears to the URL bar, let alone what's after the ?. If however you have some need (i.e. insistence of a client) to remove them, you have several options, two of which John mentions.
在URL中使用参数没有任何问题。不应该关注URL栏上显示的内容,更不用说后面的内容了。但是,如果你有一些需要(即坚持客户)去除它们,你有几种选择,其中两种是John提到的。
I'm assuming your "new" action is REST-style, in that it's generating a form that would have to be submitted to change state on the server. Therefore your options might be:
我假设您的“新”操作是REST风格,因为它生成的表单必须提交到服务器上的更改状态。因此,您的选择可能是:
- Use POST, even though it's not standard compliant. Not recommended.
- 使用POST,即使它不符合标准。不建议。
- Use AJAX GET. This requires javascript, and ajax handling does add requirements such as the use of a JS framework and testing.
- 使用AJAX GET。这需要javascript,并且ajax处理确实增加了诸如使用JS框架和测试之类的要求。
- Use GET (or POST), but capture the parameters and store them, the redirect the user back to another clean URL that displays those stored value. You could store those in the session hash, or create a database record of them. Actually you really should use POST in this case, since you are effectively changing state on the server by storing those parameters. In this case, if the user refreshes the page he is directed to, those parameters will be preserved. This effectively removes the browser warning on refresh, something I can certainly appreciate.
- 使用GET(或POST),但捕获参数并存储它们,将用户重定向回另一个显示这些存储值的干净URL。您可以将它们存储在会话哈希中,或者创建它们的数据库记录。实际上你应该在这种情况下使用POST,因为你通过存储这些参数有效地改变了服务器上的状态。在这种情况下,如果用户刷新他被引导到的页面,那么将保留这些参数。这有效地消除了刷新时的浏览器警告,我当然可以理解。
#3
2
There are two options that I can see and both involve JavaScript:
我可以看到两个选项,都涉及JavaScript:
- Have the link populate hidden form fields for the parameters and then submit the form using an HTTP POST request
- 让链接填充参数的隐藏表单字段,然后使用HTTP POST请求提交表单
- Have the link submit an AJAX request to the controller action (using an HTTP GET unless clicking the link changes server-side state, in which case a POST should be used)
- 让链接向控制器操作提交AJAX请求(使用HTTP GET,除非单击链接更改服务器端状态,在这种情况下应使用POST)
I think I would go with the second approach.
我想我会采用第二种方法。
#4
0
Why not write them to the session? It looks like you might have less than 4k in data there. Just remember to wipe it.
为什么不把它们写入会话?看起来你的数据可能不到4k。只记得擦拭它。