What is the difference between _url and _path while using the routes in rails

Question

When we define routes in routes.rb using the name like map.some_link.We can use the link in two ways- some_link_url, some_link_path.

What are the differences between the two?
Which is more secure to be used?

score 90 · Accepted Answer · edited Feb 20 '20 at 17:30

90

I had the same question and I wrote a small post about this in my blog

The reason is summarized here (I found this on a forum):

*_path are for views because ahrefs are implicitly linked to the current URL. So it’d be a waste of bytes to repeat it over and over. In the controller, though, *_url is needed for redirect_to because the HTTP specification mandates that the Location: header in 3xx redirects is a complete URL.

Here is another explanation which says it depends on whether we need to use an absolute URI when linking to an SSL site from a non-SSL site, and vice versa.

What I have read so far, doesn't suggest that any of them is more secure than the other. It really comes down to what is the "proper" usage.

edited Feb 20 '20 at 17:30

modulitos

14,737
16
67
110

answered Feb 28 '10 at 11:01

Petros

8,862
3
39
38

3

Thanks a lot. Found it useful. So in the controllers we use "_url" while in the views we can use "_path" though "_url" can still be used there as well. – MohamedSanaulla Mar 03 '10 at 11:56
16

You don't need to use *_url for controllers, path will work just as well. You should only use `_url` when displaying the route to outside sources. – Ryan Bigg Jan 20 '12 at 05:54
3

To clarify some more: the `_path` output will work just as well for the `Location` header in a Redirect. The browser will interpret that as a relative-to-root redirect. – Ryan Bigg Jan 20 '12 at 06:03
3

The quote in the answer is incorrect. `_path` works in controllers. – Emil Aug 13 '14 at 05:46
2

The URL to your blog post is 404'ing. Can you update the link? – jshah Feb 04 '19 at 20:49
1

Thanks @jshah! I have found the long lost page in the web archive: https://web.archive.org/web/20110227231430/https://amiridis.net/posts/11. I will move it back to my current blog, and update the URL. While doing that, I will try to refresh my answer to include some of the comments in here, but also see if there's a newer take on this. – Petros Feb 11 '19 at 18:32
I think the answer from @ponzao is more succinct and straightforward. – jiggysoo Mar 01 '21 at 00:17

ponzao · Answer 2 · 2011-05-12T07:28:20.883

90

path is relative while url is absolute.

edited May 12 '11 at 07:28

answered Feb 28 '10 at 11:14

ponzao

20,684
3
41
58

5

Rather succinct. I like succinct. ;) +1 – sholsinger Aug 17 '11 at 13:21
2

Perfect. The usage of _url is required in controller(server-side) and _path are engouh in the view(browser-end). – Arun May 03 '13 at 09:38
Short, concise answer +1 – user115014 Dec 12 '16 at 10:16

score 42 · Answer 3 · edited Mar 09 '11 at 03:22

42

An example of the difference for a resource called "user":

users_url # => http://localhost:3000/users
users_path  # => /users

edited Mar 09 '11 at 03:22

Community

1
1

answered Dec 22 '10 at 17:21

Jason

11,709
9
66
82

score 2 · Answer 4 · answered Jan 04 '11 at 16:29

2

Same answer as Petros, except that modern browsers handle relative redirects just fine. (I'd comment on his answer, but I can't yet.)

answered Jan 04 '11 at 16:29

Ian Lotinsky

3,985
2
15
10

score 1 · Answer 5 · answered Sep 13 '13 at 07:13

_url will give the entire path. As it contains the domain name and protocol, you can use it for eg. to send email or redirecting to another domain, etc.

_path will return the path which is after '/' without domain,protocol etc. So you can use it every now and then(I guess), where you don't require details of domain.

score 1 · Answer 6 · answered Apr 05 '10 at 05:30

1

By secure if you mean not exposing all the data passed, then _path is better as it generates a relative url, something like '/login' but _path would give 'http://localhost:3000/login'. Please refer to this blog post i found sometime back regarding the same. When _url is better than _path

answered Apr 05 '10 at 05:30

Alok Swain

6,409
5
36
57

3

I'm afraid this is incorrect. Using _path for security reasons doesn't provide any security. This would be the same as saying that the IP address of a web server should be kept secret, when a simple DNS request reveals this information. – jefflunt Sep 24 '10 at 03:22
1

Likewise, with the example given above regarding hiding the host and port "localhost:3000" for security, is incorrect. Discovering this information is simple using a software network scanning tool, widely available. – jefflunt Sep 24 '10 at 03:30

score -1 · Answer 7 · answered Jul 04 '17 at 20:12

The _url helper generates a string containing the entire URL, while the _path helper generates a string containing the relative path from the root of the application, e.g.:

photos_url  # => "http://www.example.com/photos"
photos_path # => "/photos"

As per Rails Guides - Routing.

What is the difference between _url and _path while using the routes in rails

7 Answers7

Linked