4

I'm trying to render a js alert directly after a user clicks on a submit.

Here's what I have and what I've tried:

That's my erb file.

<form action="/welcome/subscribe">
    <div>
        <div id="bottomm">
            <input id="bottom" type="text" name="email" placeholder="Adresse mail" />
        </div>
        <div>
            <input type="submit" value="Ok"/>
        </div>
    </div>
</form>

Here's the subscribe method in my controller:

def subscribe
  @test = Test.new
  @test.email = params['email']
  @test.save
  binding.pry
  render js: "alert('test)";
end

But I get this error:

Security warning: an embedded <script> tag on another site requested protected JavaScript. If you know what you're doing, go ahead and disable forgery protection on this action to permit cross-origin JavaScript embedding.

Any idea? :/

edit:

By adding theses 2 lines I can now avoid the warning:

protect_from_forgery with: :exception
skip_before_action :verify_authenticity_token

But now it's redirecting me on a blank page with just written on it:

alert('test')
Improve this question
7
  • Have you considered having a subscribe.js.erb file which does the alert? Commented Feb 24, 2016 at 13:32
  • Like rendering the subscribe.js.erb ? But if I do this it will redirect and I'd like to stay on the same page but just print out an alert. Is that posible? Commented Feb 24, 2016 at 13:34
  • Why would it redirect? Commented Feb 24, 2016 at 13:48
  • It will render a new page, am I wrong about that ? Commented Feb 24, 2016 at 13:50
  • Yes, it will only redirect if you tell it to. Commented Feb 24, 2016 at 13:54

2 Answers 2

Reset to default
1

You are missing data-remote attribute in your form, just add it:

<form action="/welcome/subscribe" date-remote="true">
    <div>
        <div id="bottomm">
            <input id="bottom" type="text" name="email" placeholder="Adresse mail" />
        </div>
        <div>
            <input type="submit" value="Ok"/>
        </div>
    </div>
</form>

Update

Btw, from the given error, you may add protect_from_forgery to your application controller:

class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  protect_from_forgery with: :exception

  # Other code
end

For more detail, please read this documentation

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks, Rails already set this up when I did new rails ... So it's already here :)
Now it works! I just added skip_before_action :verify_authenticity_token but now it's redirecting to a blank page with just alert('...') written in it x.x
0

You need to specify that your form will be submitted asynchronously (IE without a full page refresh). When using form_for to generate your form, you would include :remote => true. Since you are typing out your full form you need to do this:

<form action="/welcome/subscribe" date-remote="true">
#...
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.