Sails JS禁止POST请求 [英] Sails JS forbidden POST request
问题描述
我正在尝试学习Sails JS和显然的REST API。
我创建了一个用户模型,但我认为它很好用(它可以与数据库通信数据) )。我还创建了一个注册控制器,其中包含4个必需的输入,以便将新记录存储在我的用户集中。 (此控制器生成了一些其他数据,以在注册时完成记录)
我想用POSTMAN测试此控制器,所以我去了 routes.js 并查看:
'POST / api / v1 / entrance / signup':{动作:'entrance / signup'},
但是当我在 192.168.1.13:1338/api/v1/entrance/signup 输入POST请求时,我声明了4个需要的输入有这个答案:禁止
我不知道我做错了什么。我还在 blueprints.js <中启用了休息,快捷方式和操作 / p>
有人有想法吗? :)
如下所述,删除CSRF保护不是一个解决方案,因为它可能会使api暴露于安全漏洞中。我目前使用的是JWT,但是它似乎不如CSRF令牌安全,因此唯一正确的方法是将令牌包含在每个HTTP的请求标头中。
I'm trying to learn Sails JS and obviously REST API.
I've created a user model wich I think works fine (it communicates datas with my db). I've also created a signup controller with 4 needed inputs to store a new record in my user collection. (Some other datas are generated by this controller to complete the record at the moment of the registration)
I would like to test this controller with POSTMAN, so I go to my routes.js and see :
'POST /api/v1/entrance/signup': { action: 'entrance/signup' },
But when i enter a POST request at 192.168.1.13:1338/api/v1/entrance/signup with my 4 needed inputs declared I have this answer : Forbidden
I don't know what I do wrong. I've also enabled rest, shortcuts and actions in my blueprints.js
Does someone has an idea ? :)
As said below, removing CSRF protection is not an answer as it may expose the api to a security breach. I currently use JWT but it doesn't seems to be as secure as CSRF token so the only right way is to include the token in every HTTP's request header.
这篇关于Sails JS禁止POST请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
