Jeff Burlysystems wrote: > Hi Max, > > The strategy I usually follow is catch the error, log it (and check > logs periodically to make sure it's not really an xss attack), set a > msg for the user about the problem, and then redirect the user back to > where they came from, something along the lines of (in app/controllers/ > application_controller.rb): > >
Hi Jeff - thanks a lot. I'd thought about sending them back to the previous (ie requesting-from) page but it seemed like the sort of thing that could be rather tricksy and problematic and generally a pandora's box of weird hard-to-predict problems. I guess if it's been your strategy in the past then it's been ok for you? One problem i thought of was to do with request methods: the page they had been on might only be reachable from a post request for example, so just sending them back to the same url wouldn't work. Similarly, you'd want to recreate the params they had on that page as well. I've never used request.referer though, does it just handle all of that stuff automatically? -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
