Assume that there are Post and Comment models.
    class Post < ActiveRecord::Base
      has_many :comments
    end

    class Comment < ActiveRecord::Base
      belongs_to :post
    end
In config/routes.rb
    resources :posts do
      resources :comments
    end
In this situation, if we retrieve the comment id 12 of the post id 1, the proper restful routing path will be as follows:
    post_comment_path(@comment.post, @comment)
and this will be displayed in the URL box of the client’s browser as follows:
post/1/comments/12
What I am concerned about in this context is whether there are ways to hide the above URL string including ids and replace it with another expression excluding id data, for example, “post/comments”, or not.
If this question is not significant, although id data are exposed in the query string, I am curious about whether there is any security problem or not.

You may want to check out a Railscast on displaying model attributes in the url. However, it's much easier to manage your resources keeping the id in the url.

http://railscasts.com/episodes/63-model-name-in-url

Even on the Railscast, you’ll find Ryan Bates talking of tricky issues if you do not have the id in the url and simply have, say, name as posts/name-of-post instead of posts/1.

To change the url, all you need to do is override the to_param method that Rails uses to convert the model to a url. However, without passing the id, you’ll need to modify your code in other places too.
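
As an added example (not part of the original answer, and plain Ruby rather than Rails code): a to_param override that keeps the id in front of a readable slug, with lookups that trust only the leading integer and resolve a comment only through its parent post. The in-memory records and the helpers find_post, find_comment and slug_only are constructed for illustration.

```ruby
# Plain-Ruby stand-ins for the page's Post and Comment models (no Rails needed).
# Records and helper names are constructed for this example.
Post = Struct.new(:id, :title) do
  # Rails calls to_param to build the URL segment; the default is id.to_s.
  # Here the id is kept and a readable slug is appended, e.g. "1-hello-world".
  def to_param
    slug = title.downcase.gsub(/[^a-z0-9]+/, "-").gsub(/\A-|-\z/, "")
    slug.empty? ? id.to_s : "#{id}-#{slug}"
  end
end
Comment = Struct.new(:id, :post_id, :body)

POSTS    = [Post.new(1, "Hello, World!"), Post.new(2, "Hello World")]
COMMENTS = [Comment.new(12, 1, "first"), Comment.new(13, 2, "second")]

# Only the leading integer of the segment is used for the lookup, so the
# slug part is cosmetic: a stale or altered slug still resolves by id.
def find_post(param)
  id = param[/\A\d+/]&.to_i
  POSTS.find { |p| p.id == id }
end

# The comment is looked up through its parent post, so a comment id paired
# with the wrong post id resolves to nothing instead of leaking the record.
def find_comment(post_param, comment_param)
  post = find_post(post_param)
  return nil unless post
  cid = comment_param[/\A\d+\z/]&.to_i
  COMMENTS.find { |c| c.id == cid && c.post_id == post.id }
end

# Hypothetical equivalent of the nested route helper for one comment.
def post_comment_path(post, comment)
  "/posts/#{post.to_param}/comments/#{comment.id}"
end

# What a name-only URL segment would be: two different posts can collide,
# one of the tricky issues of dropping the id from the URL.
def slug_only(post)
  post.to_param.sub(/\A\d+-/, "")
end

if __FILE__ == $PROGRAM_NAME
  puts post_comment_path(POSTS[0], COMMENTS[0])
  puts find_comment("2-hello-world", "12").inspect
  puts slug_only(POSTS[0]) == slug_only(POSTS[1])
end
```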