假设我想删除网站上的记录。我只想要一个按钮来调用类似“delete_record”之类的函数。
但也说我不希望通过人们可以在浏览器中键入的任何 URL 访问该函数调用。
这可以做到吗?
我只是认为有一个像“/delete_record/12345”这样的 URL 只是摆在那里供任何人输入是有点不安全的。是的,我可以双重检查这个人是否真的可以访问它,但仍然非常奇怪的。
问问题
299 次
1 回答
0
But also say I DON'T want that function call to be accessible via any URL people can type into the browser.
You could have a hidden form with pk of the object you want to delete, and have the form submit when a user clicks on the delete link. Since the form is POSTed, the delete url won't do any good if someone types it into the browsers address bar.
But I think it would be a lot lot better to use an ajax link which sends a DELETE instead of GET. That would also make typing the url into the address bar useless.
于 2013-08-15T05:32:29.993 回答