I have this form:
<%= form_tag posts_path, :method => :get, :class => "search_nav" do %>
<%= text_field_tag :search, params[:search], :class => "input-long search-query", :placeholder => "#{t('.search_nav')}" %>
<%= hidden_field_tag('ip', "#{request.ip}") %>
<%= hidden_field_tag('city', "#{request.location.city}") %>
<%= hidden_field_tag('country', "#{request.location.country}") %>
<%= content_tag(:div, "",:class => "icon-search") %>
<% end %>
I get a url something like:
http://localhost:3000/en/posts?utf8=%E2%9C%93&search=check+params&ip=127.0.0.1&city=&country=Reserved
My question is:
Can I hide or encrypt the url params ip, city and country?
I can not use POST because I have paginate results:
<a rel="2" href="/en/posts?city=&country=Reserved&ip=127.0.0.1&page=2&search=check+params&utf8=%E2%9C%93">2</a>
<a rel="3" href="/en/posts?city=&country=Reserved&ip=127.0.0.1&page=3&search=check+params&utf8=%E2%9C%93">3/a>
Encrypting URL parameters is pretty pointless. Why don’t you want the user to see these values? Sure you COULD encrypt them before adding them to the form, but is that really necessary?
Furthermore, and perhaps more importantly, if these values are based on the request, then there is a good chance you don’t need to submit them in the first place.
#{request.xxx}is going to be the same on the result page as is on the form page. Is there any good reason to pass these along? By submitting these as GET parameters, you’re actually sending redundant information to the server. Ruby/Rails is already going to calculate these values based off of the IP address automatically when the next page is loaded.The problem here isn’t with the form, but rather with the logic you’ve applied to designing it. I think you may have over-analysed your situation, and need to take a step back and re-think the problem.