When we define routes in routes.rb using the name like map.some_link we can use the link in two ways- some_link_url() some_link_path. What are the differences between the two? Which is more secure to be used?
views:
501answers:
3
+3
A:
I had the same question and I wrote a small post about this in my blog
The reason is summarized here (I found this on a forum):
*_path are for views because ahrefs are implicitly linked to the current URL. So it’d be a waste of bytes to repeat it over and over. In the controller, though, *_url is needed for redirect_to because the HTTP specification mandates that the Location: header in 3xx redirects is a complete URL.
Here is another explanation which says it depends on whether we need to use an absolute URI when linking to an SSL site from a non-SSL site, and vice versa.
What I have read so far, doesn't suggest that any of them is more secure than the other. It really comes down to what is the "proper" usage.
Petros
2010-02-28 11:01:15
Thanks a lot. Found it useful. So in the controllers we use "_url" while in the views we can use "_path" though "_url" can still be used there as well.
sana
2010-03-03 11:56:27
A:
By secure if you mean not exposing all the data passed, then _path is better as it generates a relative url, something like '/login' but _path would give 'http://localhost:3000/login'. Please refer to this blog post i found sometime back regarding the same. When _url is better than _path
alokswain
2010-04-05 05:30:00
I'm afraid this is incorrect. Using _path for security reasons doesn't provide any security. This would be the same as saying that the IP address of a web server should be kept secret, when a simple DNS request reveals this information.
normalocity
2010-09-24 03:22:26
Likewise, with the example given above regarding hiding the host and port "localhost:3000" for security, is incorrect. Discovering this information is simple using a software network scanning tool, widely available.
normalocity
2010-09-24 03:30:14