Logan Thompson


Hook Forms https://t.co/NSGavzxLIe | Gif Stash for iOS, DevTunnel

@marckohlbrugge That is a great question. You CAN set a callback URL where all form data will be posted. From that endpoint, your backend can do whatever you want. I think this is exactly what you're looking for.

As of now, when the form submits, Hook Forms encrypts and packages data for validation without a post action. Anything visible to the front-end is open to spammers & hackers, so we limit that as much as possible.

This type of question has come up a couple times, and we're narrowing down the best way to handle these scenarios (sign-ups, comments, etc.) without opening any security holes.

I'd love for you to email me at [email protected] with the flow that would work best for you, no matter how hypothetical. It will help us finalize these scenarios to make the best possible experience.

@loganthompson Thanks for the explanation! I don't have a specific flow in mind right now as we're not experiencing any spam problems yet, but I was curious to hear how complicated it would be to integrate something like this into an existing Rails application.

Ideally I wouldn't have to change a thing. Just add a Rubygem and have my forms automatically be spam-proof. I think it's worth exploring Stripe Checkout, how they authorise credit card charges and then submit a form to the website it's embedded on. You might be able to do something similar. When someone tries to submit a form check for spam and if it's all good you include a secure token in the form submission that tells my application the posted content is safe. If the token is omitted the posted content could be discarded or marked for review.
You're welcome!

YES. We have been thinking the same things, especially in regard to payment forms and things of that nature.

Thanks for the thoughts. Keep an eye on us!