Sails JS 禁止 POST 请求 [英] Sails JS forbidden POST request

问题描述

我正在尝试学习 Sails JS 和显然是 REST API.

I'm trying to learn Sails JS and obviously REST API.

我创建了一个我认为工作正常的用户模型(它与我的数据库通信数据).我还创建了一个注册控制器，其中包含 4 个所需的输入，以便在我的用户集合中存储一条新记录.(其他一些数据由该控制器生成，以完成注册时的记录)

I've created a user model wich I think works fine (it communicates datas with my db). I've also created a signup controller with 4 needed inputs to store a new record in my user collection. (Some other datas are generated by this controller to complete the record at the moment of the registration)

我想用 POSTMAN 测试这个控制器，所以我去我的 routes.js 看看:

I would like to test this controller with POSTMAN, so I go to my routes.js and see :

'POST  /api/v1/entrance/signup': { action: 'entrance/signup' },

但是当我在 192.168.1.13:1338/api/v1/entrance/signup 输入一个 POST 请求并声明了我需要的 4 个输入时，我得到了这个答案:Forbidden

But when i enter a POST request at 192.168.1.13:1338/api/v1/entrance/signup with my 4 needed inputs declared I have this answer : Forbidden

我不知道我做错了什么.我还在 blueprints.js

I don't know what I do wrong. I've also enabled rest, shortcuts and actions in my blueprints.js

有人有想法吗?:)

推荐答案

如下所述，删除 CSRF 保护并不是一个解决方案，因为它可能会使 api 暴露于安全漏洞.我目前使用 JWT，但它似乎不如 CSRF 令牌安全，因此唯一正确的方法是将令牌包含在每个 HTTP 的请求标头中.

As said below, removing CSRF protection is not an answer as it may expose the api to a security breach. I currently use JWT but it doesn't seems to be as secure as CSRF token so the only right way is to include the token in every HTTP's request header.

这篇关于Sails JS 禁止 POST 请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！