防止对 Rails 控制器方法的直接 URL 访问 [英] Preventing direct URL access to Rails Controller Methods
问题描述
我有一个特定的 Rails 控制器方法,当我在前端执行 javascript ajax 请求时,该方法返回一些 JSON.
I have a particular Rails controller method that returns some JSON when I do an javascript ajax request in the front-end.
但是,我想阻止用户直接输入显示方法返回的 JSON 的 url.我还希望仍然能够执行我的 ajax 请求.我怎样才能简单地做到这一点?谢谢!!
However, I want to prevent users from directly typing in the url, which displays the JSON that the method returns. I also want to still be able to perform my ajax requests. How can I go about doing this simply? Thanks!!
推荐答案
只是一个想法...你可以在 respond_to
块中为 html 请求做一些自定义的事情.
Just a thought... You could do something custom in your respond_to
block for html requests.
respond_to do |format|
format.html { ... } # give them a 404 response?
format.js { render :json => @obj }
end
或者,您的具有该名称的 html.erb 模板可能只是显示某种拒绝访问的消息.然后你就拥有了这个:
Or maybe your html.erb template with that name could just show some kind of access denied message. Then you'd just have this:
respond_to do |format|
format.html
format.js { render :json => @obj }
end
这篇关于防止对 Rails 控制器方法的直接 URL 访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!