Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/vergilet/repost
Redirect using POST method
https://github.com/vergilet/repost
html-form post rails redirect redirect-post repost ruby sinatra
Last synced: about 1 month ago
JSON representation
Redirect using POST method
- Host: GitHub
- URL: https://github.com/vergilet/repost
- Owner: vergilet
- License: mit
- Created: 2019-01-23T23:36:31.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-02-25T10:20:18.000Z (9 months ago)
- Last Synced: 2024-09-28T12:03:54.743Z (about 1 month ago)
- Topics: html-form, post, rails, redirect, redirect-post, repost, ruby, sinatra
- Language: Ruby
- Homepage: https://vergilet.github.io/repost
- Size: 64.5 KB
- Stars: 84
- Watchers: 3
- Forks: 12
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
Gem **Repost** implements Redirect using POST method.
Implementation story and some details in the following article [Redirect using POST in Rails](https://medium.com/@momlookhowican/redirect-using-post-in-rails-5748da354343).
[](https://badge.fury.io/rb/repost)
[](https://app.travis-ci.com/github/vergilet/repost)
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'repost'
```
And then execute:
$ bundle
Or install it yourself as:
$ gem install repost
## What problem does it solve?
When you need to send some parameters to an endpoint which should redirect you after execution. There wouldn't be a problem if an endpoint receives [GET], because you can just use:
```ruby
redirect_to entity_url(id: @model.id, token: model.token...)
```
But when an endpoint receives [POST], you have to generate html form and submit it. So `repost` gem helps to avoid creation of additional view with html form, just use `redirect_post` method instead.
I faced with this problem when was dealing with bank transactions. You can see the approximate scheme:
> **P.S. The `repost` gem was initially created in response to the redirection process required by [Adyen 3D Secure 1](https://docs.adyen.com/online-payments/classic-integrations/api-integration-ecommerce/3d-secure/3d-secure-1/#step-2-redirect-to-the-card-issuer), which often involved creating an HTML form and submitting it via POST.
However, with the advent of 3D Secure 2, which aims for a more integrated authentication experience, the use of such forms for POST submissions has not been encountered. 3D Secure 2 typically manages authentication data exchanges in the background, potentially eliminating the need for manual form submission.**
## Usage
If you use Rails, gem automatically includes helper methods to your controllers:
```ruby
repost(...)
```
and, as an alias
```ruby
redirect_post(...)
```
*Under the hood it calls `render` method of current controller with `html:`.*
### Example in Rails app:
```ruby
class MyController < ApplicationController
...
def index
repost(...)
end
...
# or
def show
redirect_post(...)
end
end
```
______________
If you use Sinatra, Roda or etc., you need to require it first somewhere in you project:
```ruby
require 'repost'
```
Then ask senpai to generate a string with html:
```ruby
Repost::Senpai.perform(...)
```
### Example in Sinatra, Roda, etc. app:
```ruby
class MyController < Sinatra::Base
get '/' do
Repost::Senpai.perform(...)
end
end
```
#### *Reminder:*
- *In Rails app use `repost` or `redirect_post` method in your controller which performs 'redirect' when it is called.*
- *In Sinatra, Roda, etc. app or if you need html output - call Senpai*
#### Full example:
*UPD: authenticity token is **turned off** by default. Use `:auto` or `'auto'` to turn on default authenticity token from Rails. Any other string value would be treated as custom auth token value.*
```ruby
# plain ruby
# Repost::Senpai.perform('http://......)
# Rails
redirect_post('http://examp.io/endpoint', # URL, looks understandable
params: {
a: 1,
'b': { "c": 2 },
d: [ 3, 4, 5 ],
e: { f: 'string', g: [ 6, 7, 8 ] }
}, # Your request body, also nested params and arrays
options: {
method: :post, # OPTIONAL - DEFAULT is :post, but you can use others if needed
status: :ok, # OPTIONAL - DEFAULT is :ok. This is the http status that the form will be returned with.
authenticity_token: 'auto', # OPTIONAL - :auto or 'auto' for Rails form_authenticity_token, string - custom token
charset: 'Windows-1251', # OPTIONAL - DEFAULT is "UTF-8", corresponds for accept-charset
form_id: 'CustomFormID', # OPTIONAL - DEFAULT is autogenerated
autosubmit: false, # OPTIONAL - DEFAULT is true, if you want to get a confirmation for redirect
autosubmit_nonce: '1d3n7i4ier', # RAILS - DEFAULT is content_security_policy_nonce, for pure Ruby - string identifier, more info - https://edgeguides.rubyonrails.org/security.html#content-security-policy
decor: { # If autosubmit is turned off or Javascript is disabled on client
section: { # ... you can decorate confirmation section and button
classes: 'red-bg red-text', # OPTIONAL -
section, set classNames, separate with space
html: 'Press this button, dude!
' # OPTIONAL - Any html, which will appear before submit button
},
submit: {
classes: 'button-decorated round-border', # OPTIONAL - with type submit, set classNames, separate with space
text: 'c0n71nue ...' # OPTIONAL - DEFAULT is 'Continue'
}
}
}
)
```
### Authenticity Token (Rails)
Currently you can pass the **authenticity token** in two ways:
* Recommended:
*Use `options` and `:auto` to pass the auth token. That should protect you from any implementation changes in future Rails versions*
```ruby
redirect_post('https://exmaple.io/endpoint', options: {authenticity_token: :auto})
```
* Or, it is still valid to:
*use `params` and `form_authenticity_token` method directly from ActionController*
```ruby
redirect_post('https://exmaple.io/endpoint', params: {authenticity_token: form_authenticity_token})
```
## License
The gem is available as open source under the terms of the MIT License.
Copyright © 2019 Yaro.
[](https://raw.githubusercontent.com/vergilet/repost/master/LICENSE.txt)
**That's all folks.**