New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rails support should handle normal hidden tags #5
Comments
I don't think that forme's Rails support should do something just because Rails I do agree that the authenticity_token should be added automatically for forms using Personally, I've always thought that Rails' way of trying to fake HTTP verbs that browsers do not support is stupid. I suppose there are Rails applications that rely on it (though none of my Rails apps do), but as it is not strictly necessary, I don't think the The That's not to say that we can't add options that add the Ideally the underlying implementation for this this would be something transformer-like that is applied to all new Form objects at the end of Form#initialize. The tricky thing about it is making sure the transformer has the ability to access the necessary context containing the authenticity token. |
Is there a better approach than using |
Personally, since browsers only do GET and POST, I don't use other HTTP verbs for actions that I want a browser to execute. For non-browser based applications, I think other HTTP verbs are fine. Considering that forme is a HTML form library designed for browsers, by design it only uses GET and POST. I do understand playing the hand you've been dealt, and certainly think it would be generally be useful to have a transformer/callback so that all forms created by forme can be modified in a way that suits the app, instead of having to do the same modifications in each call. This even affects my personal usage of forme, since currently I have to add CSRF tags to all POST forms manually. |
Please give this a shot and let me know if it works for you. I think it should be flexible enough to handle most needs. |
The built-in Rails
form_for
helper sets up some hidden tags that Rails essentially needs to process forms correctly under normal circumstances. These include autf8
field, the HTTP method (as_method
), and theauthenticity_token
for CSRF protection. I guessremote
is another if using the remote form stuff, but I don't think that really needs to be handled.The text was updated successfully, but these errors were encountered: