
Most secure way of sending data to DELETE request (req.params / req.query)

req.params property

We can call a DELETE request by using the req.params.id by gathering URL parameters for pointing to a record by its id, for example to a backend route /users/delete/id/:id

req.query property

We can call a DELETE request by using req.query.id for extracting a JSON object and send it to a backend route /users/delete?id=2 to the controller/model for a record to be deleted like {"id": "2"}


Question

What is the safest way for sending data to DELETE requests in terms of security issues that a user may take advantage of directly or indirectly considering we already have a safe login system?

If you were using GET or POST then the URL and body (if it wasn't JSON) might be vulnerable to CSRF attacks, but you can't trigger a DELETE request with cross-origin code (unless explicitly granted permission with a preflight CORS request).

You aren't, so it doesn't make any difference (at least from a security perspective).
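
The preflight rule the answer relies on, as an added example that is not part of the original answer: a simplified model of the browser's CORS decision (safelisted methods and headers from the Fetch standard) next to a server-side preflight policy. TRUSTED_ORIGINS and the example origins are hypothetical, and credentials and Access-Control-Allow-Headers are not modelled.

```javascript
// Simplified model of the browser's CORS rules; constructed for illustration.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// True when a cross-origin request is only sent after a successful OPTIONS preflight.
function needsPreflight(method, headers = {}) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true; // DELETE, PUT, PATCH, ...
  for (const [name, value] of Object.entries(headers)) {
    const key = name.toLowerCase();
    if (!SAFE_HEADERS.has(key)) return true;
    if (key === "content-type") {
      const mime = value.split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mime)) return true; // e.g. application/json
    }
  }
  return false;
}

// Server side: headers returned for the OPTIONS preflight (hypothetical allow-list).
const TRUSTED_ORIGINS = new Set(["https://app.example.com"]);
function preflightResponse(origin) {
  if (!TRUSTED_ORIGINS.has(origin)) return {}; // no CORS headers: the browser blocks the request
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Methods": "DELETE",
    "Vary": "Origin",
  };
}

// Browser side: is the actual cross-origin request sent at all? (method check only)
function browserSends(origin, method, headers = {}) {
  if (!needsPreflight(method, headers)) return true; // simple request: sent without asking
  const res = preflightResponse(origin);
  const allowed = (res["Access-Control-Allow-Methods"] || "")
    .split(",").map((m) => m.trim().toUpperCase());
  return res["Access-Control-Allow-Origin"] === origin && allowed.includes(method.toUpperCase());
}
```

The form-encoded POST reaches the server from any origin, which is why state-changing GET and POST routes need CSRF protection, while the DELETE only goes out when the preflight response names the calling origin.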
