Sunday, 15 April 2012

javascript - Node.js/Express: Prevent AJAX HTML snippet from being loaded directly from URL -


I node a blog I am with JS, Express and Mongodybi.

I have a button to load more posts on the home page. It works fine and I complete it with the following code:

jQuery

  $ ("# load-more-posts"). (Function () {$ .ajax ({url: '/ load / posts /', type: 'get', data type: 'html', success: function (data) {$ ("# primary").); }, Data: {"passLastDate": last date}}); Return return;});   

App here app.js

  ("/ Load / post", routes.load posts);   

And here's the scene:

  loadPosts: function (Rick, Ridge) {var LastDate; End date = req.query.passLastDate; ("Publish": {$ lt: lastDate}}) Sort ('- publish_date'). Limit (1) .execFind (function (mistake, post) {if (posts === []) {console.log ("thats"); return res.render ("thats-it", {layout: wrong}) ;} Else {lastDate = posts.slice (-1) [0] .publish_date; return res.render ("more-post", {layout: false, post: post, end date: last date}}}}}) ; } Like I said, all this works great, however, if I copy the GET URL from the console and paste it in the browser, then I will get back the HTML snippets returned. I think it is doing such a thing, but I do not want to return it. I do not think this is a safety hazard, it just seems a bit constrained.  

Is there a way to block direct requests on this scene?

Bonus

Here's something else that's strange, and it makes a two-part question when I If check the empty post array in the statement, if the node ignores it, the console output shows post = [] , still it leaves it on it and then lastDate = Posts.slice (-1) is inserted on [0]. Publish_date; I know that JS behaves strangely with empty values ​​(empty, undefined, empty string, etc.), but I have tried different people with the same result. It seems that it is completely Ignoring it is I taking mad tablets?

Is there a way to block direct requests on this scene? P>

  loadPosts: function (rick, race) {if (rake ideas ['x-request-with'] === 'XMLHttpRequest') {// AJAX request} else {// do not request an AJX}}   

It should not be used as a security measure (because it is not), but to see if the request Whether AJAX has been used or not

For your second problem, [] === [] is actually wrong (such as [] == [] ), so it There is not a good way to see if no array is empty or not. I suggest you use it:

  if (! Posts = posts.length === 0) {// blank}    

No comments:

Post a Comment