Diffstat (limited to 'guides/source')
-rw-r--r-- | guides/source/action_view_overview.md | 28
-rw-r--r-- | guides/source/working_with_javascript_in_rails.md | 18
2 files changed, 46 insertions, 0 deletions
diff --git a/guides/source/action_view_overview.md b/guides/source/action_view_overview.md index a1b69edd22..dda3ae0863 100644 --- a/guides/source/action_view_overview.md +++ b/guides/source/action_view_overview.md @@ -1025,6 +1025,34 @@ If `@article.author_id` is 1, this would return: <label for="article_author_id_3">M. Clark</label> ``` +Recovering some option passed (e.g. programatically checking an object from collection): + +```ruby +collection_radio_buttons(:article, :author_id, Author.all, :id, :name_with_initial, {checked: Author.last}) +``` + +In this case, the last object from the collection will be checked: + +```html +<input id="article_author_id_1" name="article[author_id]" type="radio" value="1" /> +<label for="article_author_id_1">D. Heinemeier Hansson</label> +<input id="article_author_id_2" name="article[author_id]" type="radio" value="2" /> +<label for="article_author_id_2">D. Thomas</label> +<input id="article_author_id_3" name="article[author_id]" type="radio" value="3" checked="checked" /> +<label for="article_author_id_3">M. Clark</label> +``` + +To access the passed options programatically (e.g. adding a custom class if checked): + +**Sample html.erb** + +```html+erb +<%= collection_radio_buttons(:article, :author_id, Author.all, :id, :name_with_initial, {checked: Author.last, required: true} do |rb| %> + <%= rb.label(class: "#{'my-custom-class' if rb.value == Author.last.id}") { rb.radio_button + rb.text } %> +<% end %> +``` + + #### collection_check_boxes Returns `check_box` tags for the collection of existing return values of `method` for `object`'s class. diff --git a/guides/source/working_with_javascript_in_rails.md b/guides/source/working_with_javascript_in_rails.md index 8cf8efefd0..b740e933ba 100644 --- a/guides/source/working_with_javascript_in_rails.md +++ b/guides/source/working_with_javascript_in_rails.md 
@@ -14,6 +14,7 @@ After reading this guide, you will know: * How Rails' built-in helpers assist you. * How to handle Ajax on the server side. * The Turbolinks gem. +* How to include your Cross-Site Request Forgery token in request headers ------------------------------------------------------------------------------- @@ -524,6 +525,23 @@ For more details, including other events you can bind to, check out [the Turbolinks README](https://github.com/turbolinks/turbolinks/blob/master/README.md). +Cross-Site Request Forgery (CSRF) token in Ajax +---- + +When using another library to make Ajax calls, it is necessary to add +the security token as a default header for Ajax calls in your library. To get +the token: + +```javascript +var token = document.getElementsByName('csrf-token')[0].content +``` + +You can then submit this token as a X-CSRF-Token in your header for your +Ajax requst. You do not need to add a CSRF for GET requests, only non-GET +requests. + +You can read more about about Cross-Site Request Forgery in [Security](https://guides.rubyonrails.org/security.html#cross-site-request-forgery-csrf) + Other Resources --------------- |
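Review bot: The html+erb sample added in the action_view_overview.md hunk is not valid Ruby: the call opens with `collection_radio_buttons(` but runs from `{checked: Author.last, required: true}` straight into `do |rb| %>` with no closing `)`. Add the `)` before `do`. The same sample passes `required: true`, which the surrounding prose never explains; either describe it or drop it from the example. Smaller points in this hunk: "programatically" is misspelled in both new sentences ("programmatically"), the lead-in "Recovering some option passed" is hard to parse and would read better as a plain statement that options such as `checked` can be passed, and two blank `+` lines are added before `#### collection_check_boxes` where one is enough.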
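Review bot: The bullet added to the "After reading this guide, you will know" list in working_with_javascript_in_rails.md has no trailing period, while the items above it do ("The Turbolinks gem."). Add the period so the list stays consistent.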
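Review bot: In the new "Cross-Site Request Forgery (CSRF) token in Ajax" section of working_with_javascript_in_rails.md, the advice to add the token "as a default header for Ajax calls in your library" is too broad: a default header is attached to every request that library makes, including cross-origin ones, which would hand the token to other sites. Say that the header should be set only on same-origin, non-GET requests. The snippet `document.getElementsByName('csrf-token')[0].content` also throws when no element with that name is on the page, and the text does not say which tag it reads or how it gets into the layout; name the tag and guard the `[0]` lookup. Wording fixes in the same hunk: "requst" should be "request", "about about" is duplicated, "a X-CSRF-Token in your header" should be "an `X-CSRF-Token` header", "add a CSRF for GET requests" is missing "token", the last sentence has no closing period, and the `----` underline is shorter than the one used for "Other Resources" just below.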