Sunday 15 April 2012

javascript - Node.js/Express: Prevent AJAX HTML snippet from being loaded directly from URL


I am building a blog with Node.js, Express and MongoDB.

I have a button to load more posts on the home page. It works fine, and I do it with the following code:

jQuery

    // Fetch the next batch of posts when the button is clicked
    $("#load-more-posts").click(function () {
      $.ajax({
        url: '/load/posts/',
        type: 'get',
        dataType: 'html',
        success: function (data) {
          $("#primary").append(data);
        },
        data: {"passLastDate": lastDate}
      });
      return false;
    });

Here's the route in app.js:

    app.get("/load/posts", routes.loadPosts);

And here's the view:

    loadPosts: function (req, res) {
      var lastDate;
      lastDate = req.query.passLastDate;
      // Posts older than the last one already shown, newest first
      Post.find({"publish_date": {$lt: lastDate}}).sort('-publish_date').limit(1).execFind(function (err, posts) {
        if (posts === []) {  // the empty-array check asked about below
          console.log("thats");
          return res.render("thats-it", {layout: false});
        } else {
          lastDate = posts.slice(-1)[0].publish_date;
          return res.render("more-post", {layout: false, posts: posts, lastDate: lastDate});
        }
      });
    }

Like I said, all this works great. However, if I copy the GET URL from the console and paste it into the browser, I get the HTML snippet back. I think that is what it is supposed to do, but I do not want it returned. I do not think this is a security hazard, it just seems a bit constrained.

Is there a way to block direct requests to this view?

Bonus

Here's something else that's strange, and it makes this a two-part question. When I check for the empty posts array in the if statement, Node ignores it. The console output shows posts = [], yet it skips past the check and then fails on lastDate = posts.slice(-1)[0].publish_date;. I know that JS behaves strangely with empty values (null, undefined, empty string, etc.), but I have tried different ones with the same result. It seems to be completely ignoring it. Am I taking mad tablets?

Is there a way to block direct requests to this view?

    loadPosts: function (req, res) {
      // jQuery sets this header on its AJAX calls
      if (req.headers['x-requested-with'] === 'XMLHttpRequest') {
        // AJAX request
      } else {
        // not an AJAX request
      }
    }

It should not be used as a security measure (because it is not one), but only to see whether the request was made using AJAX or not.

For your second problem, [] === [] is actually false (as is [] == []), so that is not a good way to see whether an array is empty or not. I suggest you use this:

    if (!posts || posts.length === 0) {
      // empty
    }
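
An added example, not part of the original question or answer: the header check and the length-based emptiness test written as Express-style middleware and run against mock request and response objects. The names isXhr, requireXhr, renderPosts, mockRes and demo, the 404 response for direct requests, and the Vary header are assumptions of this example.

```javascript
// Express-style middleware and handler with hypothetical names; runs without Express installed.

// Node lowercases incoming header names; jQuery sends "X-Requested-With: XMLHttpRequest".
function isXhr(req) {
  const value = (req.headers || {})['x-requested-with'];
  return typeof value === 'string' && value.toLowerCase() === 'xmlhttprequest';
}

// Convenience filter only: any client can send this header, so it authorizes nothing.
function requireXhr(req, res, next) {
  // The response now depends on this header, so tell caches about it.
  res.set('Vary', 'X-Requested-With');
  if (!isXhr(req)) return res.status(404).send('Not found');
  return next();
}

// Emptiness is checked by length; `posts === []` compares object identity and is always false.
function renderPosts(posts, res) {
  if (!Array.isArray(posts) || posts.length === 0) {
    return res.render('thats-it', { layout: false });
  }
  const lastDate = posts[posts.length - 1].publish_date;
  return res.render('more-post', { layout: false, posts: posts, lastDate: lastDate });
}

// Minimal stand-in for an Express response that records what was sent.
function mockRes() {
  const res = { statusCode: 200, headers: {}, body: null, view: null, locals: null };
  res.set = (k, v) => { res.headers[k] = v; return res; };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (body) => { res.body = body; return res; };
  res.render = (view, locals) => { res.view = view; res.locals = locals; return res; };
  return res;
}

// Constructed sample requests: a pasted URL (no header), a jQuery call, a jQuery call with no posts left.
function demo() {
  const run = (headers, posts) => {
    const res = mockRes();
    requireXhr({ headers }, res, () => renderPosts(posts, res));
    return res;
  };
  const post = { title: 'constructed', publish_date: '2012-04-01' };
  const xhr = { 'x-requested-with': 'XMLHttpRequest' };
  return { direct: run({}, [post]), ajax: run(xhr, [post]), ajaxEmpty: run(xhr, []) };
}
```

In a real Express app the middleware would be attached to the route, for example app.get("/load/posts", requireXhr, routes.loadPosts).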
