0

I want to redirect_to a different Rails page, as well as pass some parameters which can be accessed in the other controller action. If I do it like this, it's a GET call by default(as per the HTTP specification), which means that the parameters will be visible in the URL (which is not a good idea.) 

Controller1
Action1
  redirect_to path_to_action2(:parameters => "values")
end

Controller2
Action2
  #...parameters to be accessed here
end

A way of doing this can be introducing an intermediate step, by creating a POST form which displays a Dummy message to the user and makes the POST call for us. But I don't want to introduce an extra step, then how to do so?

Jatin Ganhotra
  • 6,825
  • 6
  • 48
  • 71
  • 1
    I think your answer is here [redirect_to using POST in rails](http://stackoverflow.com/questions/985596/redirect-to-using-post-in-rails) – codevoice Dec 15 '10 at 11:14
  • I have allready gone through that question, in case you didn't read my question well. The answer to the question in the link above is to add an intermediate step, which I don't want to and that I have mentioned above. If you know another way of doing this, please let me know. – Jatin Ganhotra Dec 15 '10 at 14:18
  • i read your question carefully. The first sentence there was 'Redirection isn't possible with POST requests', Did you read it carefully? I think it's answer to your question. – codevoice Dec 15 '10 at 15:24

1 Answers1

1

Because of the way HTTP works, there is no way to do what you're asking. Every redirect is a GET. So why don't you like the parameters to be visible? How important is this?

Flash messages do something similar. They store the message in the users session and destroy it in the next request. You could use that. I would try to avoid this kind of message passing first though.

iain
  • 16,204
  • 4
  • 37
  • 41
  • Its very important that the parameters are hidden and not shown in the url. What are the security issues if we use flash messages to do this.? – Jatin Ganhotra Dec 15 '10 at 14:16
  • Sessions (so also flash message), although they can be encrypted are sent to the browsers, so they can never be 100% safe. You'll need to store it on the server to be really safe. Also, you cannot guarantee that the session will be sent next time. And it's not RESTful either. – iain Dec 15 '10 at 14:45