diff options
author | Timothy N. Tsvetkov <timothy.tsvetkov@gmail.com> | 2011-02-05 18:37:53 +0300 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2011-02-05 18:58:32 -0200 |
commit | b9309b47cda12db34ac3427fbafff2dca0314ed7 (patch) | |
tree | 3a45755fa1f3430c9ea4152e7f58cba8e8df70b6 /actionpack/lib/action_view/helpers | |
parent | 5af31f37fb28e2e78b96d1ccf624871c883cc622 (diff) | |
download | rails-b9309b47cda12db34ac3427fbafff2dca0314ed7.tar.gz rails-b9309b47cda12db34ac3427fbafff2dca0314ed7.tar.bz2 rails-b9309b47cda12db34ac3427fbafff2dca0314ed7.zip |
Added tests for form_for and an authenticity_token option. Added docs for for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers.
[#6228 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Diffstat (limited to 'actionpack/lib/action_view/helpers')
-rw-r--r-- | actionpack/lib/action_view/helpers/form_helper.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/actionpack/lib/action_view/helpers/form_helper.rb b/actionpack/lib/action_view/helpers/form_helper.rb index d6edef0d34..408a3b6721 100644 --- a/actionpack/lib/action_view/helpers/form_helper.rb +++ b/actionpack/lib/action_view/helpers/form_helper.rb @@ -298,6 +298,24 @@ module ActionView # # If you don't need to attach a form to a model instance, then check out # FormTagHelper#form_tag. + # + # === Form to external resources + # + # When you build forms to external resources sometimes you need to set an authenticity token or just render a form + # without it, for example when you submit data to a payment gateway number and types of fields could be limited. + # + # To set an authenticity token you need to pass an <tt>:authenticity_token</tt> parameter in the <tt>:html</tt> + # options section: + # + # <%= form_for @invoice, :url => external_url, :html => { :authenticity_token => 'external_token' } do |f| + # ... + # <% end %> + # + # If you don't want to an authenticity token field be rendered at all just pass <tt>false</tt>: + # + # <%= form_for @invoice, :url => external_url, :html => { :authenticity_token => false } do |f| + # ... + # <% end %> def form_for(record, options = {}, &proc) raise ArgumentError, "Missing block" unless block_given? |