发送 API-key inside HTML 表格
Send API-key inside HTML Form
所以我的 Web 服务有一个 API 密钥。每次用户注册时,我都会给他发一封电子邮件,让他验证他的帐户。这看起来像这样:
public class EmailSender {
private static final String username = "somesecretemail@gmail.com";
private static final String password = "uthoughiwillshowyoumypassword?";
public static void sendVerificationCode(String receiverusername, String receiveremail, String code) throws Exception {
Properties prop = new Properties();
prop.put("mail.smtp.host", "smtp.gmail.com");
prop.put("mail.smtp.port", "587");
prop.put("mail.smtp.auth", "true");
prop.put("mail.smtp.starttls.enable", "true"); //TLS
Session session = Session.getInstance(prop,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password);
}
});
MimeMessage message = new MimeMessage(session);
message.addRecipient(Message.RecipientType.TO, new InternetAddress(receiveremail));
message.setSubject("Verification Code");
MimeBodyPart messageBodyPart = new MimeBodyPart();
messageBodyPart.setText("<form action=\"https://pathtomywebserviceurl.com/verify/"+code+"\">\n" +
"<input type=\"submit\" value=\"Verify\" />\n" +
"</form>", "UTF-8", "html");
Multipart multipart = new MimeMultipart();
multipart.addBodyPart(messageBodyPart);
message.setContent(multipart);
Transport.send(message);
}
当他点击按钮时,用户实际上使用他的令牌作为参数向我的网络服务发出请求。但现在我还希望我的 API-Key 作为 eg 发送。一个 http header 以便我可以从用户验证请求中提取 API-Key 并检查 API-Key 是否等于实际 API-Key。现在我只发送代码而不发送 API-Key.
使用隐藏的表单元素:
<input type="hidden" id="myApiKey" name="myApiKey" value="myApiKeyValue">
所以我的 Web 服务有一个 API 密钥。每次用户注册时,我都会给他发一封电子邮件,让他验证他的帐户。这看起来像这样:
public class EmailSender {
private static final String username = "somesecretemail@gmail.com";
private static final String password = "uthoughiwillshowyoumypassword?";
public static void sendVerificationCode(String receiverusername, String receiveremail, String code) throws Exception {
Properties prop = new Properties();
prop.put("mail.smtp.host", "smtp.gmail.com");
prop.put("mail.smtp.port", "587");
prop.put("mail.smtp.auth", "true");
prop.put("mail.smtp.starttls.enable", "true"); //TLS
Session session = Session.getInstance(prop,
new javax.mail.Authenticator() {
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication(username, password);
}
});
MimeMessage message = new MimeMessage(session);
message.addRecipient(Message.RecipientType.TO, new InternetAddress(receiveremail));
message.setSubject("Verification Code");
MimeBodyPart messageBodyPart = new MimeBodyPart();
messageBodyPart.setText("<form action=\"https://pathtomywebserviceurl.com/verify/"+code+"\">\n" +
"<input type=\"submit\" value=\"Verify\" />\n" +
"</form>", "UTF-8", "html");
Multipart multipart = new MimeMultipart();
multipart.addBodyPart(messageBodyPart);
message.setContent(multipart);
Transport.send(message);
}
当他点击按钮时,用户实际上使用他的令牌作为参数向我的网络服务发出请求。但现在我还希望我的 API-Key 作为 eg 发送。一个 http header 以便我可以从用户验证请求中提取 API-Key 并检查 API-Key 是否等于实际 API-Key。现在我只发送代码而不发送 API-Key.
使用隐藏的表单元素:
<input type="hidden" id="myApiKey" name="myApiKey" value="myApiKeyValue">