PHP Security: send POST to same URL = bad?
Question
I had a response on a question yesterday about sending POST data to the same page with the Post-Redirect-Get pattern like this:
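if (isset($_POST['Submit'])) {
    // prevent resending data: after the redirect a reload issues a GET, not the POST again
    header("Location: " . $_SERVER['PHP_SELF']);
    exit; // header() alone does not end the script, so stop here
}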
Someone answered, in "Send data from JavaScript to the same PHP page, without AJAX or a form":
It is extremely important for the purposes of web security that a POST cannot be sent via a simple URL.
Now I would like to know what is wrong with this? I want to avoid using a separate page with the confirmation message, because it just breaks the user experience and from a design POV it is a no-go.
Recommended answer
It is extremely important for the purposes of web security that a POST cannot be sent via a simple URL.
I think the person who said this might have misunderstood either you or web security.
There's nothing wrong with using the same URL for different request methods (GET, POST, PUT, DELETE, HEAD etc). In fact, it's a very good idea.
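As an added example (not code from the question or the answer), here is a single PHP script that serves the form on GET and processes it on POST at the same URL, then redirects so the confirmation message appears on that same page. The path `/contact.php`, the `message` field and the session keys are assumptions made for illustration.

```php
<?php
// Added example: one URL, two request methods, Post-Redirect-Get.
// SELF_URL, the 'message' field and the session keys are hypothetical names.
declare(strict_types=1);
session_start();

const SELF_URL = '/contact.php'; // fixed path rather than $_SERVER['PHP_SELF']

// One CSRF token per session, embedded in the form below.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // State changes happen only on POST, and only with a valid token.
    $token = $_POST['csrf'] ?? '';
    if (!is_string($token) || !hash_equals($_SESSION['csrf'], $token)) {
        http_response_code(403);
        exit('Invalid form token');
    }

    $message = is_string($_POST['message'] ?? null) ? trim($_POST['message']) : '';
    // ... store $message here ...
    $_SESSION['flash'] = $message === '' ? 'Nothing was submitted.' : 'Your message was saved.';

    // 303 makes the browser follow up with a GET, so a reload does not re-post.
    header('Location: ' . SELF_URL, true, 303);
    exit; // without this the rest of the script would still run
}

// GET: show the confirmation once, then the form.
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);
?>
<!doctype html>
<title>Contact</title>
<?php if ($flash !== null): ?>
<p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form method="post" action="<?= htmlspecialchars(SELF_URL, ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>">
  <textarea name="message"></textarea>
  <button type="submit" name="Submit">Send</button>
</form>
```

The branch on `REQUEST_METHOD` is what separates reading from writing; sharing the URL between the two does not weaken that separation.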