Laravel
igor1112, 2018-10-04 14:55:29

Safely saving a new post, laravel?

The site works as usual: only the admin is allowed into the admin panel, where they fill in the title of the new post and its content; then axios sends a POST request to the address "site.ru/news" (with X-CSRF-TOKEN in the headers, as expected).
So, I'm concerned about security. After all, an advanced user, without going to the admin panel, can send a POST request to my address "site.ru/news" with their own data and, in fact, the server will process it as usual and save it to the database. What do smart people do to prevent this from happening?


2 answer(s)
Alexey Ukolov, 2018-10-04
@igor1112

They close editing endpoints with the same authorization-check middleware as the admin panel. They use gates and policies. Read the documentation.
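As an added illustration of this answer (example code, not the answerer's or the Laravel project's own), the save endpoint from the question protected with the `auth` middleware plus a policy. It assumes an `App\Models\Post` model (Laravel 8+ namespace; older versions use `App\Post`), a hypothetical `PostPolicy` and `NewsController`, and an `is_admin` column on `users`. A CSRF token only ties a request to the session that received it; it says nothing about who that session belongs to, so the authorization check has to happen server-side on the route itself:

```php
<?php
// routes/web.php: the POST /news route is guarded on its own, independent of
// the admin panel page that normally submits it.
use App\Http\Controllers\NewsController;
use Illuminate\Support\Facades\Route;

Route::middleware(['auth', 'can:create,App\Models\Post'])
    ->post('/news', [NewsController::class, 'store']);

// app/Policies/PostPolicy.php (hypothetical; auto-discovered for App\Models\Post)
namespace App\Policies;

use App\Models\Post;
use App\Models\User;

class PostPolicy
{
    // Only admins may create posts. Assumes a boolean users.is_admin column;
    // adapt to the project's own role scheme.
    public function create(User $user): bool
    {
        return (bool) $user->is_admin;
    }
}

// app/Http/Controllers/NewsController.php (hypothetical)
namespace App\Http\Controllers;

use App\Models\Post;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Http\Request;
use Illuminate\Routing\Controller;

class NewsController extends Controller
{
    use AuthorizesRequests;

    public function store(Request $request)
    {
        // Second, defence-in-depth check: a non-admin gets a 403 here even if
        // the route middleware were ever removed or misconfigured.
        $this->authorize('create', Post::class);

        // Validate the payload rather than trusting whatever the client sent.
        $data = $request->validate([
            'title'   => ['required', 'string', 'max:255'],
            'content' => ['required', 'string'],
        ]);

        return Post::create($data);
    }
}
```

An unauthenticated request to /news is redirected to login by `auth`, and an authenticated non-admin receives 403 from the `can` middleware before the controller runs.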

Vitaliy Orlov, 2018-10-04
@orlov0562

The server will not process it, because an advanced user will not have the admin's CSRF token in their session.
