HTTP status code 302
HTTP Status Codes
Firstly, a 30x
response means "Resource Moved".
301
responses are used by many SEO people to denote permanent relocation of resources. 302
not so common, but still means a similar thing.
Every time you send & receive HTTP requests, you're going to receive a status code. The typical is the 200
response -- status success!
What you're seeing is the redirect_to
command in action -
if @owner.save!
flash[:notice] = ...
redirect_to owners_path
I've never used PAW before, but I assume it's just giving you the pure response of the server, which would in this case be a 30x
"Resource Moved" code.
I would expect a typical browser request to load the redirected route and display its yield on the screen.
Server
As a way to test this, you should attempt the same transaction in your browser:
lvh.me:3000/orders
(lvh.me is a domain routed to your own localhost which helps with subdomains in Rails)
This will give you the ability to test and see what happens with the responses. You *should * find that your data has been saved to the database (albeit SQLite3 in your case).
Syntax
Finally, you need to ensure you're using the correct syntax in your code.
Specifically:
#app/controllers/owners_controller.rb
class OwnersController < ApplicationController
...
def create
@owner = Owner.new owner_params
end
private
def owner_params
params.require(:owner).permit(:name, :password, :password_confirmation)
end
end
You'll also want to look at bcrypt-ruby
for protecting your passwords.
Testing
I tend to just test my Rails apps with standard browser functionality.
This means you can run the Rails Server
($ rails s
in your console), which you'll then be able to then access through your browser.
You're trying to use this PAW thing, which is okay, but doesn't give you much flexibility in regard to the user-interactivity of the app (for example, submitting real forms etc)...
In your case, I'd do the following:
#app/views/orders/new.html.erb
<%= form_for @order do |f| %>
<%= f.text_field :name %>
<%= f.password_field :password %>
<%= f.password_field :password_confirmation %>
<%= f.submit %>
<% end %>
You'd then access lvh.me:3000/orders/new
and submit the form. This will show you how it responds!
HTTP
Okay here's the deal with HTTP requests...
Whenever you send a piece of transactional data to your web application, you do it through an HTTP request. HTTP requests are just a way to send data through the "Internet".
With Rails based apps, this means that every time you "do" something in the app, you're really sending an HTTP request to your web server. Rails interprets this request and sends a response. This response is what your question is about.
You're asking about receiving 302
responses - this is the web server's way of saying you've been redirected. It's pretty basic stuff to be honest; your browser handles most of it.
A great tutorial can be found here:
Alright then your error is as follows:
Can't verify CSRF token authenticity
I can elaborate more on this later, but for now, you might want to look up this solution: WARNING: Can't verify CSRF token authenticity in case of API development
Coding John
Updated on June 13, 2022Comments
-
Coding John almost 2 years
Im working on my Rails Backend in Ruby and i want to post Data to this server. But if i do a Post-request with PAW i get redirected. Im a newbie to Http Requests. Could someone explain me the functionality and how to use http post requests?
i want to post information on my server's datanase (sqlite3).
Here's a screenshot which should explain everything:
how does this work? please explain :) thanks. greetings John
and here's the code:
OwnersController:
#app/controllers/owners_controller.rb class OwnersController < SessionsController respond_to :html before_action :owner_find, only: [:show, :edit, :update, :destroy] def index @owners = Owner.all end def show end def update @owner = Owner.find(params[:id]) if @owner.update(owner_params) redirect_to @owner else render 'edit' end end def new @owner = Owner.new end def destroy @owner.destroy redirect_to owners_path end def edit end def create @owner = Owner.new owner_params if @owner.save! flash[:notice] = 'You signed up successfully' flash[:color]= 'valid' redirect_to owners_path else flash[:notice] = 'Form is invalid' flash[:color]= 'invalid' render 'new' end end private def owner_find @owner = Owner.find(params[:id]) end def owner_params params.require(:owner).permit(:name, :password, :password_confirmation, :token) end end
SessionController:
class SessionsController < ApplicationController before_filter :authenticate_user, :except => [:login, :login_attempt] def login #goes to Login Form end def logout session[:owner_id] = nil redirect_to :action => 'login' end def login_attempt authorized_user = Owner.authenticate_by_name(params[:login_name],params[:login_password]) if authorized_user session[:owner_id] = authorized_user.id flash[:notice] = "Wow Welcome again, you logged in as #{authorized_user.name}" redirect_to welcome_index_path else flash[:notice] = 'Invalid Username or Password' flash[:color]= 'invalid' render 'login' end end end
Console Logs:
from web-request (http://192.168.2.144:3000/owners?name=hans&password=hans321&password_confirmation=hans321)
Started GET "/owners?name=hans&password=[FILTERED]&password_confirmation=[FILTERED]" for 192.168.2.144 at 2015-10-01 12:12:18 +0200 Cannot render console from 192.168.2.144! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by OwnersController#index as HTML Parameters: {"name"=>"hans", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"} Owner Load (0.1ms) SELECT "owners".* FROM "owners" WHERE "owners"."id" = ? LIMIT 1 [["id", 2]] Owner Load (0.1ms) SELECT "owners".* FROM "owners" Rendered owners/index.html.erb within layouts/application (1.8ms) Completed 200 OK in 60ms (Views: 58.9ms | ActiveRecord: 0.2ms)
It's telling 200 ok but nothing happens in the DB.
from Paw-Request (so i can use post. btw. how do i use post in browser request?
Started POST "/owners?name=hans&password=[FILTERED]&password_confirmation=[FILTERED]" for 192.168.2.144 at 2015-10-01 12:12:45 +0200 Cannot render console from 192.168.2.144! Allowed networks: 127.0.0.1, ::1, 127.0.0.0/127.255.255.255 Processing by OwnersController#create as HTML Parameters: {"name"=>"hans", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"} Can't verify CSRF token authenticity Redirected to http://192.168.2.144:3000/ Filter chain halted as :authenticate_user rendered or redirected Completed 302 Found in 1ms (ActiveRecord: 0.0ms)
It seems that the CRSF authentication failed..
Edit:
at first: to Rich Peck! This helped me so much. Thank you!! I really appreciate your effort.
Im near to the solution.. My problem is: i cant put the correct params in the url. The token-auth is disabled for testing. so it wont matter.
the params should be like: Parameters: {"utf8"=>"✓", "authenticity_token"=>"q9JvFhoSUgfydFTvh18JHbIIdKNDjnOS9m/trVBu9EHPP04xGsO69zPh1BFZBI1Ev1YcnOTiPmaAiPWOSkm5Xg==", "owner"=>{"name"=>"Hubert", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]"}, "commit"=>"Create Owner"}
and not as in my request: Parameters: {"name"=>"Hubert", "password"=>"[FILTERED]", "password_confirmation"=>"[FILTERED]", "owner"=>{}}
-
Coding John over 8 yearsThank you. This explains a lot. I'm already using bcrypt for password hashing and salting. :) I'll try some things out and i'll give you some feedback after it. thanks a lot!!
-
Richard Peck over 8 yearsNo problem, anything else you need me to explain let me know
-
Coding John over 8 yearsDo i have to put the Values of the new user in URL Params or Header?
-
Richard Peck over 8 yearsIf I were testing in the browser, I'd just submit the form in the
new
action, it's not that difficult to create a form in yournew
view. I can write the code out if you need. -
Coding John over 8 yearsOkay. i cant imagine exactly what you are telling me. Writing out the code would be great. i tried to save a new User in the database with this: URL-POST-Request i dont know.. this seems to be wrong.
-
Coding John over 8 yearsSo i tried some things out. The Web Signup works fine. I didnt say that. I tried to create a new owner with this: 192.168.2.144:3000/owners/… But i still think this is wrong. bcause it didnt do anything in my DB. Maybe im understanding this request-thing wrong. Can't i just enter this URL and it creates the owner and redirects me to where all Owners are displayed?
-
Richard Peck over 8 yearsWhen you mention it didn't create anything in your db, how do you know?
-
Coding John over 8 yearsbcause i looked it up in my SQLite Studio.
-
Richard Peck over 8 yearsI can write an update about HTTP requests if you want, but it would be much more helpful if you posted your console log for the request - this will show us if it's saving the data we need or not
-
Coding John over 8 yearsWould be great. i edit the consoles log in the question
-
Coding John over 8 yearsLet us continue this discussion in chat.