Giter Site home page Giter Site logo

Comments (4)

evantahler avatar evantahler commented on July 17, 2024

I think you asked this same question on stack overflow, so here's my answer again:

Regardless of your language/framework, all routes are able to be hit by anyone, unless you block them at load-balancer or similar level.

Rather than thinking about the problem as "how to block" access, you should be thinking about the problem like "how can I ensure that this user is authenticated to use this route". Using things like cookies or tokens is the way to go.

You can use actionhero's middleware to apply access rules to specific actions, and return errors to the use if they aren't allowed.

Here's an example project that does these types of things:

from actionhero-tutorial.

hzahoori avatar hzahoori commented on July 17, 2024

Thanks for the answer!
I know you can authenticate a user to have access to an api, I have already implemented that part with tokenization, but what I am wondering is just like you do a get request and you pass the parameters by url?id=12, I should not able able to do that in post request? means it should only go by a payload not a url. like in ajax you say data:data, if you ca please answer me on that part? it would be great!! Thanks

from actionhero-tutorial.

evantahler avatar evantahler commented on July 17, 2024

Ah!

It seems like you are asking for a feature to disable URL parameters for specific routes (It is valid to provide ? params in a POST, and it is a topic of debate which method (payload vs params) has priority.

Open an issue on the main actionhero project asking for this feature, and describing in detail (with examples) what you would like to be able to do

from actionhero-tutorial.

hzahoori avatar hzahoori commented on July 17, 2024

Thanks evan, that is right.
I will create an issue regarding it.

from actionhero-tutorial.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.