
POST request to API sending parameters in URL

I've a web in Ruby on Rails, which works. Now, I'm developing a mobile app to complement that web. I'm using Cordova and AngularJS (v1.2.13).

The first step to use the app (as a user) is to sign in using the same credentials as in the web. In order to connect the app with the database I'm developing an API in Rails.

Signing in from the app works, but when making the POST call to the API, the parameters are attached to the URL:

http://localhost:3000/api/sign_in?email=user@example.com&password=1234

This is not safe, for obvious reasons. I want those parameters removed from the URL:

http://localhost:3000/api/sign_in

I don't understand why the parameters are not being passed 'hidden'. What am I missing?

In my angular service I have:

app.factory('loginService', ['$resource', 'BASE_URL', function($resource, BASE_URL){
    return $resource(BASE_URL + '/api/sign_in', {email:'@email', password:'@password'}, {
        'sign_in': {
            method: 'POST',
            isArray: false,
            headers: {'Content-Type': 'application/x-www-form-urlencoded'}
        }
    });
}]);

And in the controller:

var logged = loginService.sign_in({email: $scope.email, password: $scope.password},
                 function(data){ /*do whatever with the data*/}
             );

EDIT

I forgot to mention that I use Devise for authentication. Routing:

namespace :api do
  devise_scope :user do
    post "/sign_in", :to => 'sessions#create'
  end
end

which gives me:

api_sign_in POST   /api/sign_in(.:format)

The controller, in case it's needed:

class Api::SessionsController < Api::ApiController

  include Devise::Controllers::InternalHelpers

  def create
    ...
  end

end

I am not all too familiar with Ruby (that is Ruby, right?), but if you simply want to hit an API endpoint without changing the URL, here is an example of some code that has been working for me without the issues you have described. I think the big thing here is the /:id/:controller part.

I hope this helps, but I am using client-side routing so idk how that would affect things.

angular.module('dayakoApp')
  .factory('User', function ($resource) {
    return $resource('/api/users/:id/:controller', {
      id: '@_id'
    },
    {
      changePassword: {
        method: 'PUT',
        params: {
          controller: 'password'
        }
      },
      get: {
        method: 'GET',
        params: {
          id: 'me'
        }
      }
    });
  });

I finally managed to do it thanks to this SO question

It basically says to remove the params from the service:

maappServices.factory('loginService', ['$resource', '$http', 'BASE_URL', function($resource, $http, BASE_URL){
    return $resource(BASE_URL + '/api/sign_in', {/*REMOVE params from this part*/}, {
        'sign_in': {
            method: 'POST',
            isArray: false
        }
    });
}]);

And now the call to the API is done like this:

Started POST "/api/sign_in"

I also removed the header part in order for it to work.
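
Because request URLs are written to server and proxy logs, a client that still puts credentials in the query string can be spotted there. The following is an added example, not code from the original posts: it scans request lines of the "Started POST" shape quoted above, flags sensitive parameter names in the URL, and returns a redacted form. The key list, the function names and the sample lines are assumptions made for illustration.

```javascript
// Added example; the key list below is an assumption, extend it for your API.
const SENSITIVE_KEYS = new Set(['password', 'email', 'token']);

// Request-line shape quoted in the answer above: Started POST "/api/sign_in"
const STARTED_RE = /^Started (\S+) "([^"]*)"/;

// Reduce a nested name such as "user[password]" to its innermost key.
function leafKey(name) {
  const m = name.match(/\[([^\]]+)\]$/);
  return (m ? m[1] : name).toLowerCase();
}

// Inspect one log line; returns null when it is not a request line.
function inspectLine(line) {
  const m = STARTED_RE.exec(line);
  if (!m) return null;
  const [, method, target] = m;
  const q = target.indexOf('?');
  const path = q === -1 ? target : target.slice(0, q);
  const query = q === -1 ? '' : target.slice(q + 1);
  const leaked = [];
  const kept = [];
  for (const pair of query.split('&').filter(Boolean)) {
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    let key = rawKey;
    try { key = decodeURIComponent(rawKey.replace(/\+/g, ' ')); } catch (e) { /* malformed escape: keep raw key */ }
    if (SENSITIVE_KEYS.has(leafKey(key))) {
      leaked.push(key);
      kept.push(rawKey + '=[REDACTED]');
    } else {
      kept.push(pair);
    }
  }
  const redacted = kept.length ? path + '?' + kept.join('&') : path;
  return { method, path, leaked, redacted };
}

// Lines that carry a sensitive parameter in the URL.
function findLeaks(lines) {
  return lines.map(inspectLine).filter(r => r !== null && r.leaked.length > 0);
}
// Constructed sample lines (not taken from a real log).
const SAMPLE = [
  'Started POST "/api/sign_in?email=user@example.com&password=1234" for 127.0.0.1',
  'Started POST "/api/sign_in" for 127.0.0.1',
  'Started POST "/api/sign_in?user%5Bpassword%5D=1234&locale=en" for 127.0.0.1',
];
console.log(findLeaks(SAMPLE).map(r => r.redacted));
```
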
