HTTP POST 在 Polymer 中如何工作?
How does HTTP POST work in Polymer?
我想知道 POST 调用在 Polymer 中是如何工作的。我知道我必须使用 POST 调用来发送敏感信息,例如用户密码和访问令牌。我试过这样做:
<iron-ajax
id="AjaxPost"
url="/api/login"
method="POST"
content-type="application/x-www-form-urlencoded"
handle-as="json"
on-response="_handleAjaxPostResponse"
on-error="_handleAjaxPostError"
></iron-ajax>
this.$.AjaxPost.params = { email: "abc@gmail.com", password: "password" };
this.$.AjaxPost.generateRequest();
但是,这将设置 URL 中的参数,可以在浏览器控制台中查看,如:
POST http://localhost:8080/api/login?email=abc%40mgail.com&password=password 400 (Bad Request)
PUT方式可以让你在body中设置数据,我觉得这样比较安全。现在我有 2 个问题:
- 我们也可以设置 POST 方法的主体吗?或者设置params和设置body一样?
- 如果可以的话,我应该如何提取服务器端的数据?
PS:我们没有使用 SSL HTTPS 连接。话虽如此,可以合并哪种方法以获得更好的安全性?
iron-ajax的api文档定义body属性如下:
body
Object default:
Body content to send with the request, typically used with "POST" requests.
If body is a string it will be sent unmodified.
If Content-Type is set to a value listed below, then the body will be encoded accordingly.
content-type="application/json"
body is encoded like {"foo":"bar baz","x":1}
content-type="application/x-www-form-urlencoded"
body is encoded like foo=bar+baz&x=1
Otherwise the body will be passed to the browser unmodified, and it will handle any encoding (e.g. for FormData, Blob, ArrayBuffer).
要将数据作为正文发送,您应该按如下方式修改您的请求
<iron-ajax
id="AjaxPost"
url="/api/login"
method="POST"
content-type="application/json"
handle-as="json"
on-response="_handleAjaxPostResponse"
on-error="_handleAjaxPostError"
></iron-ajax>
this.$.AjaxPost.body = { "email": "abc@gmail.com", "password": "password" };
this.$.AjaxPost.generateRequest();
我想知道 POST 调用在 Polymer 中是如何工作的。我知道我必须使用 POST 调用来发送敏感信息,例如用户密码和访问令牌。我试过这样做:
<iron-ajax
id="AjaxPost"
url="/api/login"
method="POST"
content-type="application/x-www-form-urlencoded"
handle-as="json"
on-response="_handleAjaxPostResponse"
on-error="_handleAjaxPostError"
></iron-ajax>
this.$.AjaxPost.params = { email: "abc@gmail.com", password: "password" };
this.$.AjaxPost.generateRequest();
但是,这将设置 URL 中的参数,可以在浏览器控制台中查看,如:
POST http://localhost:8080/api/login?email=abc%40mgail.com&password=password 400 (Bad Request)
PUT方式可以让你在body中设置数据,我觉得这样比较安全。现在我有 2 个问题:
- 我们也可以设置 POST 方法的主体吗?或者设置params和设置body一样?
- 如果可以的话,我应该如何提取服务器端的数据?
PS:我们没有使用 SSL HTTPS 连接。话虽如此,可以合并哪种方法以获得更好的安全性?
iron-ajax的api文档定义body属性如下:
body
Object default:
Body content to send with the request, typically used with "POST" requests.
If body is a string it will be sent unmodified.
If Content-Type is set to a value listed below, then the body will be encoded accordingly.
content-type="application/json"
body is encoded like {"foo":"bar baz","x":1}
content-type="application/x-www-form-urlencoded"
body is encoded like foo=bar+baz&x=1
Otherwise the body will be passed to the browser unmodified, and it will handle any encoding (e.g. for FormData, Blob, ArrayBuffer).
要将数据作为正文发送,您应该按如下方式修改您的请求
<iron-ajax
id="AjaxPost"
url="/api/login"
method="POST"
content-type="application/json"
handle-as="json"
on-response="_handleAjaxPostResponse"
on-error="_handleAjaxPostError"
></iron-ajax>
this.$.AjaxPost.body = { "email": "abc@gmail.com", "password": "password" };
this.$.AjaxPost.generateRequest();