I want to pass to a resource in a request, for example:
# Go to payment link
<%= link_to 'Payment', checkout_path(pricing: amount.id) %>
When I go to the payment link, the URL path is the following:
http://localhost:3000/checkout?pricing=amount_2aHUHuhdn23jnSJd
I'd like to hide the query string "pricing=amount_2aHUHuhdn23jnSJd" without having to use any gem.
UPDATE QUESTION 31/12
This request is of type GET since I need to show the different prices to the user; that's why the parameter is passed (pricing: amount.id)
<%= link_to 'Payment', checkout_path(pricing: amount.id) %>
get 'checkout', to: 'subscriptions#checkout'
I'd appreciate your time and your grain of sand
CodePudding user response:
I'm not quite sure what you mean without seeing your routes.rb file. As mentioned by @Deepak Kumar, to hide the query from your URL you should use a POST request. Have a look at this guide. You can add the line below
post 'payment', to: 'checkout#payment'
in your routes.rb. This will call the Payment action from your CheckoutsController.
CodePudding user response:
When the value is sensitive, hiding the value doesn't really fix the problem. Instead, I would suggest encrypting the value in the URL or using another, non-sensitive value.
- Value encryption
You could use Rails MessageEncryptor to encrypt the value before passing it to the URL and decrypt it later in the controller again.
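# in app/models/url_encrypter.rb
module URLEncrypter
  # MessageEncryptor is part of ActiveSupport. Its AES-256 ciphers need a
  # 32-byte key, so only the first 32 bytes of secret_key_base are used.
  ENCRYPTOR = ActiveSupport::MessageEncryptor.new(
    Rails.application.secrets.secret_key_base[0, 32]
  )

  # Makes the methods callable as URLEncrypter.encrypt / URLEncrypter.decrypt
  module_function

  def encrypt(value)
    ENCRYPTOR.encrypt_and_sign(value, purpose: :url)
  end

  # Raises an exception when the value was modified or is malformed
  def decrypt(value)
    ENCRYPTOR.decrypt_and_verify(value, purpose: :url)
  end
end
# when building the URL
<%= link_to 'Payment', checkout_path(pricing: URLEncrypter.encrypt(amount.id)) %>
# when reading the param in the controller
pricing = URLEncrypter.decrypt(params[:pricing])
amount = Amount.find(pricing)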
- Have a second non-sensitive, unique identifier
Here you add a second unique identifier to your database table, for example, a column named uuid which you could populate automatically in a before_save callback with self.uuid = SecureRandom.uuid
You can then use its value instead of the id like this:
# when building the URL
<%= link_to 'Payment', checkout_path(pricing: amount.uuid) %>
# when reading the param in the controller
amount = Amount.find_by(uuid: params[:pricing])
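The properties the encrypted-parameter approach in the answer above relies on (the id is unreadable in the URL, a modified token is rejected, and a token is bound to one purpose), shown as an added example that is not part of the original answer and is not Rails' MessageEncryptor. It is a stand-in built on Ruby's standard-library OpenSSL with AES-256-GCM; the `UrlToken` module, its demo key and the purpose names are hypothetical.

```ruby
require "openssl"
require "base64"

# Hypothetical helper (not Rails code): AES-256-GCM token for URL parameters.
module UrlToken
  class Invalid < StandardError; end

  # Constructed demo key; a real app derives 32 bytes from a server-side secret.
  KEY = OpenSSL::Digest::SHA256.digest("constructed-demo-secret")

  module_function

  # Encrypts value. The purpose is authenticated as associated data, so a
  # token minted for one parameter cannot be replayed as another.
  def encode(value, purpose:, key: KEY)
    cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
    cipher.key = key
    iv = cipher.random_iv
    cipher.auth_data = purpose.to_s
    ciphertext = cipher.update(value.to_s) + cipher.final
    # Layout: 12-byte IV, 16-byte tag, ciphertext; URL-safe alphabet, no padding
    Base64.urlsafe_encode64(iv + cipher.auth_tag + ciphertext, padding: false)
  end

  # Returns the plaintext, or raises Invalid for any malformed, modified or
  # wrong-purpose token.
  def decode(token, purpose:, key: KEY)
    raw = Base64.urlsafe_decode64(token.to_s)
    raise Invalid, "token too short" if raw.bytesize <= 28
    cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
    cipher.key = key
    cipher.iv = raw[0, 12]
    cipher.auth_tag = raw[12, 16]
    cipher.auth_data = purpose.to_s
    (cipher.update(raw[28..]) + cipher.final).force_encoding(Encoding::UTF_8)
  rescue ArgumentError, OpenSSL::Cipher::CipherError
    raise Invalid, "token rejected"
  end
end
```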
CodePudding user response:
You could store it in the session. Store it when the user enters the page, clear it when the user clicks a link. Be careful because it will only live within the session. It will be stored as a cookie, and has a 4 KB limit for data.
