PHP Security: send POST to same URL = bad?


Problem description

I had a response on a question yesterday about sending POST data to the same page with the Post-Redirect-Get pattern like this:

if (isset($_POST['Submit'])) {
    // prevent resending data
    header("Location: " . $_SERVER['PHP_SELF']);
    // stop here; otherwise the rest of the script still runs after the redirect header
    exit;
}

Someone replied in "Send data from Javascript to the same PHP page, without AJAX or a form":

It is extremely important for the purposes of web security that a POST cannot be sent via a simple URL.

Now I would like to know what is wrong with this? I want to avoid using a separate page with the confirmation message, because it just breaks the user experience and from a design POV it is a no-go.

Recommended answer

It is extremely important for the purposes of web security that a POST cannot be sent via a simple URL.

I think the person who said this might have misunderstood either you or web security.

There's nothing wrong with using the same URL for different request methods (GET, POST, PUT, DELETE, HEAD etc). In fact, it's a very good idea.
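
Added example, not part of the original question or answer: a single URL that handles both GET and POST with Post-Redirect-Get and shows the confirmation on the same page instead of a separate one. The session keys, the `comment` field, the messages and the anti-CSRF token check are assumptions added for illustration.

```php
<?php
declare(strict_types=1);

// Added example: one URL answers both GET and POST (Post-Redirect-Get).
// Session keys, the "comment" field and the messages are hypothetical.
session_start();

// Per-session anti-CSRF token, embedded in the form below (an addition here).
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

// Redirect/form target from SCRIPT_NAME rather than PHP_SELF, because
// PHP_SELF can carry attacker-supplied trailing path info.
$self = $_SERVER['SCRIPT_NAME'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $sent = $_POST['csrf'] ?? '';
    if (!is_string($sent) || !hash_equals($_SESSION['csrf'], $sent)) {
        http_response_code(403);
        exit('Invalid form token');
    }

    // Validate the input; storing it is outside the scope of this example.
    $comment = $_POST['comment'] ?? '';
    $_SESSION['flash'] = (is_string($comment) && trim($comment) !== '')
        ? 'Your comment was saved.'
        : 'Please enter a comment.';

    // 303 makes the browser follow up with GET, so a reload does not resubmit.
    header('Location: ' . $self, true, 303);
    exit; // without this the rest of the script still runs
}

// GET: show the one-time confirmation on the same page, then the form.
$flash = $_SESSION['flash'] ?? null;
unset($_SESSION['flash']);
?>
<!doctype html>
<title>Comment</title>
<?php if ($flash !== null): ?>
<p><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form method="post" action="<?= htmlspecialchars($self, ENT_QUOTES, 'UTF-8') ?>">
    <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>">
    <textarea name="comment"></textarea>
    <button type="submit" name="Submit">Send</button>
</form>
```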
