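Preventing the use of the delete and update methods in Sails.js
I'm a beginner with Sails.js, so I need some help.
I am building a backend with Sails.js/Node. However, for a short period I need to prevent (avoid) users from using the Sails.js destroy (HTTP DELETE) and update (HTTP UPDATE) methods.
I know that I need to edit blueprint.js, but when a user tries to destroy or update through the RESTful CRUD, the backend should say "This action is disabled for security."
My blueprint.js is as follows: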
module.exports.blueprints = {
/***************************************************************************
* *
* Action routes speed up the backend development workflow by *
* eliminating the need to manually bind routes. When enabled, GET, POST, *
* PUT, and DELETE routes will be generated for every one of a controller's *
* actions. *
* *
* If an `index` action exists, additional naked routes will be created for *
* it. Finally, all `actions` blueprints support an optional path *
* parameter, `id`, for convenience. *
* *
* `actions` are enabled by default, and can be OK for production-- *
* however, if you'd like to continue to use controller/action autorouting *
* in a production deployment, you must take great care not to *
* inadvertently expose unsafe/unintentional controller logic to GET *
* requests. *
* *
***************************************************************************/
// actions: true,
/***************************************************************************
* *
* RESTful routes (`sails.config.blueprints.rest`) *
* *
* REST blueprints are the automatically generated routes Sails uses to *
* expose a conventional REST API on top of a controller's `find`, *
* `create`, `update`, and `destroy` actions. *
* *
* For example, a BoatController with `rest` enabled generates the *
* following routes: *
* ::::::::::::::::::::::::::::::::::::::::::::::::::::::: *
* GET /boat -> BoatController.find *
* GET /boat/:id -> BoatController.findOne *
* POST /boat -> BoatController.create *
* PUT /boat/:id -> BoatController.update *
* DELETE /boat/:id -> BoatController.destroy *
* *
* `rest` blueprint routes are enabled by default, and are suitable for use *
* in a production scenario, as long you take standard security precautions *
* (combine w/ policies, etc.) *
* *
***************************************************************************/
// rest: true,
/***************************************************************************
* *
* Shortcut routes are simple helpers to provide access to a *
* controller's CRUD methods from your browser's URL bar. When enabled, *
* GET, POST, PUT, and DELETE routes will be generated for the *
* controller's`find`, `create`, `update`, and `destroy` actions. *
* *
* `shortcuts` are enabled by default, but should be disabled in *
* production. *
* *
***************************************************************************/
// shortcuts: true,
/***************************************************************************
* *
* An optional mount path for all blueprint routes on a controller, *
* including `rest`, `actions`, and `shortcuts`. This allows you to take *
* advantage of blueprint routing, even if you need to namespace your API *
* methods. *
* *
* (NOTE: This only applies to blueprint autoroutes, not manual routes from *
* `sails.config.routes`) *
* *
***************************************************************************/
// prefix: '',
/***************************************************************************
* *
* An optional mount path for all REST blueprint routes on a controller. *
* And it do not include `actions` and `shortcuts` routes. *
* This allows you to take advantage of REST blueprint routing, *
* even if you need to namespace your RESTful API methods *
* *
***************************************************************************/
// restPrefix: '',
/***************************************************************************
* *
* Whether to pluralize controller names in blueprint routes. *
* *
* (NOTE: This only applies to blueprint autoroutes, not manual routes from *
* `sails.config.routes`) *
* *
* For example, REST blueprints for `FooController` with `pluralize` *
* enabled: *
* GET /foos/:id? *
* POST /foos *
* PUT /foos/:id? *
* DELETE /foos/:id? *
* *
***************************************************************************/
// pluralize: false,
/***************************************************************************
* *
* Whether the blueprint controllers should populate model fetches with *
* data from other models which are linked by associations *
* *
* If you have a lot of data in one-to-many associations, leaving this on *
* may result in very heavy api calls *
* *
***************************************************************************/
// populate: true,
/****************************************************************************
* *
* Whether to run Model.watch() in the find and findOne blueprint actions. *
* Can be overridden on a per-model basis. *
* *
****************************************************************************/
// autoWatch: true,
/****************************************************************************
* *
* The default number of records to show in the response from a "find" *
* action. Doubles as the default size of populated arrays if populate is *
* true. *
* *
****************************************************************************/
// defaultLimit: 30
};
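Thanks a lot for your help.
Thank you for your help. It works well, but how can a message be shown when a user tries to use these operations? The user needs to receive the message "This action is disabled for security." Please give me more details. –
That is a different question. Thank you for marking this as the answer to the original question. I would say your client needs to recognize the HTTP code for a 405 (I think) not-allowed error and display whatever message seems fitting. – max
Ok @max, your answer really helped me and it works. Thank you very much. –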
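
One way to return the 405 and the message discussed in this thread, written as a Sails policy (an added example, not code from the original posts). The file name `denyWrites`, its wiring in `config/policies.js`, and the use of `req.options.action` to read the resolved action are assumptions; the action check is there because the shortcut routes described in the config comments reach `update` and `destroy` through plain GET requests.

```javascript
// Added example, not from the thread. Hypothetical file: api/policies/denyWrites.js
// Assumed wiring in config/policies.js:  module.exports.policies = { '*': 'denyWrites' };

var BLOCKED_METHODS = ['PUT', 'PATCH', 'DELETE'];
var BLOCKED_ACTIONS = ['update', 'destroy'];
var MESSAGE = 'This action is disabled for security.';

// Returns true when the request would update or destroy a record.
function isBlocked(req) {
  var method = String(req.method || '').toUpperCase();
  // Assumption: Sails exposes the resolved action as req.options.action,
  // either bare ("destroy") or controller-qualified ("boat/destroy").
  var action = String((req.options && req.options.action) || '');
  var name = action.split('/').pop().toLowerCase();
  // A method-only filter would let GET shortcut routes through,
  // so the resolved action name is checked as well.
  return BLOCKED_METHODS.indexOf(method) !== -1 ||
         BLOCKED_ACTIONS.indexOf(name) !== -1;
}

// Policy with the standard (req, res, next) middleware signature.
function denyWrites(req, res, next) {
  if (!isBlocked(req)) { return next(); }
  res.set('Allow', 'GET, POST'); // a 405 response lists the methods still allowed
  return res.status(405).json({ error: MESSAGE });
}

// Constructed stand-in for the response object, so the policy runs offline.
function fakeRes() {
  var r = { headers: {}, statusCode: 200, body: null };
  r.set = function (k, v) { r.headers[k] = v; return r; };
  r.status = function (c) { r.statusCode = c; return r; };
  r.json = function (b) { r.body = b; return r; };
  return r;
}

// Runs the policy against a constructed request and reports the outcome.
function simulate(req) {
  var res = fakeRes(), passed = false;
  denyWrites(req, res, function () { passed = true; });
  return { passed: passed, status: res.statusCode, body: res.body, allow: res.headers.Allow };
}

if (typeof module !== 'undefined') { module.exports = denyWrites; }
```

Setting `shortcuts: false` in the blueprint config, as its own comment recommends for production, removes the GET shortcut paths entirely; the policy then acts as a second check.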