469,342 Members | 5,918 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,342 developers. It's quick & easy.

How to simulate post method while redirecting to new URL?

Hi Coders,
I have to redirect from my server to the different server page by simulating the POST method submit from the Controller file, I tried using post_via_redirect, but could not succeed... though redirect_to just redirects to given URL, I need to pass parameters using POST.
Configurations:
Rails 1.2.3,
ruby 1.8.6 (2007-03-13 patchlevel 0) [i686-linux]
Linux 2.6.9-42 box.

I used the following code in the action method:
post_via_redirect("http://some_site:8080/login.xhtml",{:userName => 'login_id', :password => 'some_password'})
which failed to redirect and asking for the file template with the action name.

if I use redirect_to ("http://some_site:8080/login.xhtml") it will take me to login page, which I dont want, I should directly login without entering username and password.

If I call this page using HTML form Submit (POST method with username and password) it directly logs into the system.
Ex:
Expand|Select|Wrap|Line Numbers
  1.   <form method=post action="http://some_site:8080/login.xhtml">
  2.   <input type="hidden" id="userName" name="userName" value="login_id" >
  3.   <br>
  4.   <input type="hidden" id="password" name="password" value="some_password" > 
  5.   <br>
  6.   <input type="submit" value="submit">
  7.  
Scenario explained in detail :
I have to click on the button in my home page, which calls a Controler/action
in that action, I need to redirect to new url (ex: http://new_site:8080/login)
while redirecting, I need to post the username and password as a POST arguments and NOT in the URL (get method).

If there are any Sample code, it will be very helpful.

Thanks,
Chandu
Sep 12 '08 #1
6 29418
improvcornartist
303 Expert 100+
I've never tried to do that before, so my only thought is to try
Expand|Select|Wrap|Line Numbers
  1. redirect_to("http://some_site:8080/login.xhtml?userName=login_id&password=some_password)
Sep 12 '08 #2
I've never tried to do that before, so my only thought is to try
Expand|Select|Wrap|Line Numbers
  1. redirect_to("http://some_site:8080/login.xhtml?userName=login_id&password=some_password)
Thanks for replying, but as you can see, sending username and password is security prone, and which is not the desired solution, we need to hide the username and password from displaying it in the firebug and sort of it(which displays the entire GET parameters in the URL).

And the other server code (which is maintained by others) works only for POST method, and GET method from URL is not handled.

If you have any other solution, that would be a great helpful.
Sep 15 '08 #3
I got a round about solution for that, I created a rhtml page in the name of action, and added the FORM with method=post, and generated the html, at the end of the form, I used the script to submit the form, this works very quick (though I have added a Loading... icon in the div to avoid seeing the blank page just in case).

File: app/controllers/my_redirect_controler.rb
Expand|Select|Wrap|Line Numbers
  1. ...
  2. def redirect_post
  3. end
  4. ...
  5.  
Inside app/views/my_redirect/redirect_post.rhtml
Expand|Select|Wrap|Line Numbers
  1. <html>
  2. <body>
  3. <form method=post action="http://some_site:8080/login.xhtml" id='my_form'>
  4. <input type="hidden" id="userName" name="userName" value="login_id" >
  5. <input type="hidden" id="password" name="password" value="some_password" >
  6. </form>
  7.   <script>
  8.     document.getElementById("my_form").submit()
  9.   </script>
  10.  </body>
  11. </html>
  12.  
So, now from the index page if I have a link which links to the action->controller
Expand|Select|Wrap|Line Numbers
  1. <%= link_to( image_tag("Redirect.gif"), {:controller=>'my_redirect', :action => "redirect_post"})%>
  2.  
This will solve me the problem I was facing.

Cheers..
Sep 17 '08 #4
improvcornartist
303 Expert 100+
That sounds like that should work. Alternatively, could you put the form on the index page, so when you click the link, it submits the form instead of redirecting? That might save you the redirect page and you wouldn't have to use javascript.
Sep 17 '08 #5
niklas
1
I think that this is still a security hole, big enough to build a highway through...
You are still sending the username & password to the user's computer and posting it from there then.
If the user doesn't have JS activated, the form will never be posted, so she will be able to look in the source and see the response there. (or with JS enabled even more easier, simply click on the request in firebug and see the post values there). By the way: the same is true for search engines...
Oct 8 '08 #6
MMcCarthy
14,534 Expert Mod 8TB
This thread is closed to posting due to repeated spamming.
Oct 7 '10 #7

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

15 posts views Thread by Thomas Scheiderich | last post: by
4 posts views Thread by VB Programmer | last post: by
9 posts views Thread by WJ | last post: by
5 posts views Thread by Bob Bedford | last post: by
reply views Thread by suresh191 | last post: by
1 post views Thread by haryvincent176 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.