Rails support should handle normal hidden tags about forme HOT 4 CLOSED

I don't think that forme's Rails support should do something just because Rails form_for does so.

I do agree that the authenticity_token should be added automatically for forms using POST, and I'd like to support that on Sinatra as well using rack-csrf.

Personally, I've always thought that Rails' way of trying to fake HTTP verbs that browsers do not support is stupid. I suppose there are Rails applications that rely on it (though none of my Rails apps do), but as it is not strictly necessary, I don't think the method should be added by default.

The utf8 tag I don't think should be added automatically by default either, as I don't like forcing an encoding on people.

That's not to say that we can't add options that add the method and utf8 tags automatically, I just don't want it to be the default.

Ideally the underlying implementation for this this would be something transformer-like that is applied to all new Form objects at the end of Form#initialize. The tricky thing about it is making sure the transformer has the ability to access the necessary context containing the authenticity token.

from forme.

Is there a better approach than using _method? Browsers can only do GET or POST (excluding XMLHttpRequest) and I'm not aware of any other other way to get Rails to handle a PUT or DELETE than the _method param. I don't think it's great practice either, but I'm just trying to play with the hand I've been dealt.

from forme.

Personally, since browsers only do GET and POST, I don't use other HTTP verbs for actions that I want a browser to execute. For non-browser based applications, I think other HTTP verbs are fine. Considering that forme is a HTML form library designed for browsers, by design it only uses GET and POST.

I do understand playing the hand you've been dealt, and certainly think it would be generally be useful to have a transformer/callback so that all forms created by forme can be modified in a way that suits the app, instead of having to do the same modifications in each call. This even affects my personal usage of forme, since currently I have to add CSRF tags to all POST forms manually.

from forme.

Please give this a shot and let me know if it works for you. I think it should be flexible enough to handle most needs.

from forme.