
Safely pass parameter to Controller via AJAX in Symfony2

I've got a question on how to best/safely pass parameters on an ajax request to my controller.

I've got these two options within my project using Symfony:

(1) I could pass parameters, like my entity id and a csrf token, via:

Routing.generate("my_update_route", {'id': entity.id, 'token' : token});

-> The benefit of this approach would be that I could check the correct parameter type within my @Route annotation with requirements:

@Route("/account/entity/update/{id}/{token}", name="my_update_route", 
        requirements={"id" = "\d+", "token" = "[a-z]+"})

-> But is passing the id and a security (CSRF) token this way (via the URL) the recommended way?

Or (2) passing the variables via the POST body, not in the URL. I would lose the possibility to automatically check the correct type with "requirements", but the values are passed more safely to the server (of course when using HTTPS).


How do you normally pass your parameters when using AJAX requests? What is the most secure way of doing it?

You can pass the id and the token via URL without problem.

As you said, the @Route annotation allows you to check parameter patterns (id => integer and token => string).

The token value doesn't necessarily have to be secret, as mentioned in this reference.

Hope it will help you.
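
Option (2) from the question, as an added example that is not code from the original post or from the Symfony project: the id stays in the path so `requirements` still applies, while the token travels in the POST body and is checked in the controller. It assumes Symfony 2.6+ (for `isCsrfTokenValid()`); the `AppBundle` namespace, the class name, the token id `entity_update` and the token character pattern are hypothetical and must match how the token is generated.

```php
<?php
// Added example; names marked "assumed" are not from the original post.
namespace AppBundle\Controller; // assumed namespace

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;

class EntityController extends Controller // assumed class name
{
    /**
     * The id stays in the path, so "requirements" still enforces \d+.
     * The token is no longer part of the URL, so it does not end up in
     * access logs, browser history or Referer headers.
     *
     * @Route("/account/entity/update/{id}", name="my_update_route",
     *        requirements={"id" = "\d+"})
     * @Method("POST")
     */
    public function updateAction(Request $request, $id)
    {
        // Read the token from the form-encoded POST body of the AJAX call.
        $token = $request->request->get('token', '');

        // Manual stand-in for the route "requirements" check. The pattern
        // (URI-safe base64 characters, bounded length) is an assumption.
        // is_string() rejects array input such as token[]=x.
        if (!is_string($token) || !preg_match('/^[A-Za-z0-9_-]{1,128}$/', $token)) {
            return new JsonResponse(array('error' => 'Malformed token'), 400);
        }

        // A shape check says nothing about validity: compare the value
        // against the token stored for this session under the assumed
        // token id 'entity_update'.
        if (!$this->isCsrfTokenValid('entity_update', $token)) {
            return new JsonResponse(array('error' => 'Invalid CSRF token'), 403);
        }

        // The entity lookup and the check that the current user may modify
        // entity (int) $id belong here; the post does not show the entity.

        return new JsonResponse(array('updated' => (int) $id));
    }
}
```

On the client, the same `Routing.generate("my_update_route", {'id': entity.id})` call builds the URL, and the token is sent as the `token` field of the POST data.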
