更改struts 2中的显示URL以隐藏请求参数 [英] Change display URL in struts 2 to hide request parameters
问题描述
我非常清楚使用GET方法并在网址中传递请求参数是不良做法和安全漏洞。但是我们处于项目开发几乎完成的状态,我们无法承担将所有GET更改为POST并重新测试整个项目的情况。
I know very well that using GET method and passing request parameters in URL is a bad practice and security vulnerability . But we are in a situation where project development is almost completed and we can not afford to change all the GET to POST and re-test the whole thing all over again.
有没有办法更改显示的网址?
Is there a way to change the displayed URL ?
或者URL编码可以完成这项工作吗?请建议在这种情况下可能是最好的方法。
Or URL encoding will do the job ? Please suggest what could be the best approach in this situation.
推荐答案
存在方式,它是HTML5历史API。
The way exists, it is the HTML5 History API.
它需要JavaScript和 HTML5兼容的浏览器 ,或旧IE的javascript后备(例如History.js)。
It needs JavaScript and HTML5 compliant browsers, or a javascript fallback for old IE (eg History.js).
看看 history.replaceState() 和 history.pushState() 方法:第一次改变当前历史记录条目,第二个添加一个新的(在后退按钮使用中创建噪声,所以我建议第一个)。
Take a look at history.replaceState() and history.pushState() methods: the first alter the current history entry, the second adds a new one (creating noise in back button usage, so I suggest the first).
删除QueryString(?param1 = value1& param2 = value2 part)只需在页面加载时运行此脚本:
To remove the QueryString (the ?param1=value1¶m2=value2 part) just run this script on page load:
<script>
$(function(){
history.replaceState("","",location.href.substring(0,location.href.indexOf("?")));
});
</script>
虽然这个客户端解决方案肯定能提高清晰度和视觉效果,但我怀疑它可以提高安全性。 重定向后获取会更好,但如果你不能,那么使用这种技术。
While this client-side solution definitely improves clearness and eye candy, I doubt it improves security at all; Post-Redirect-Get would be better, but if you can't, then use this technique.
我通常将PRG与此结合使用来实现漂亮的网址,并且效果很好。
I generally use PRG in conjunction with this to achieve pretty URLs, and it works perfectly.
请注意这是一个模拟的PRG,加载页面后的F5可能会根据您编写应用程序的方式 进行不可预测的行为 。
Note that this is a simulated PRG, an F5 after the page is loaded might have unpredictable behaviors according to how you've programmed your application.
这篇关于更改struts 2中的显示URL以隐藏请求参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
