防止对 Rails 控制器方法的直接 URL 访问 [英] Preventing direct URL access to Rails Controller Methods

问题描述

我有一个特定的 Rails 控制器方法，当我在前端执行 javascript ajax 请求时，该方法返回一些 JSON.

I have a particular Rails controller method that returns some JSON when I do an javascript ajax request in the front-end.

但是，我想阻止用户直接输入显示方法返回的 JSON 的 url.我还希望仍然能够执行我的 ajax 请求.我怎样才能简单地做到这一点?谢谢！！

However, I want to prevent users from directly typing in the url, which displays the JSON that the method returns. I also want to still be able to perform my ajax requests. How can I go about doing this simply? Thanks!!

推荐答案

只是一个想法...你可以在 respond_to 块中为 html 请求做一些自定义的事情.

Just a thought... You could do something custom in your respond_to block for html requests.

respond_to do |format|
  format.html { ... } # give them a 404 response?
  format.js { render :json => @obj }
end

或者，您的具有该名称的 html.erb 模板可能只是显示某种拒绝访问的消息.然后你就拥有了这个:

Or maybe your html.erb template with that name could just show some kind of access denied message. Then you'd just have this:

respond_to do |format|
  format.html
  format.js { render :json => @obj }
end

这篇关于防止对 Rails 控制器方法的直接 URL 访问的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！