HTTP POST 在 Polymer 中如何工作?

How does HTTP POST work in Polymer?

我想知道 POST 调用在 Polymer 中是如何工作的。我知道我必须使用 POST 调用来发送敏感信息,例如用户密码和访问令牌。我试过这样做:

<iron-ajax
        id="AjaxPost"
        url="/api/login"
        method="POST"
        content-type="application/x-www-form-urlencoded"
        handle-as="json"
        on-response="_handleAjaxPostResponse"
        on-error="_handleAjaxPostError"
        ></iron-ajax>


this.$.AjaxPost.params = { email: "abc@gmail.com", password: "password" };
this.$.AjaxPost.generateRequest();

但是,这将设置 URL 中的参数,可以在浏览器控制台中查看,如:

POST http://localhost:8080/api/login?email=abc%40mgail.com&password=password 400 (Bad Request)

PUT方式可以让你在body中设置数据,我觉得这样比较安全。现在我有 2 个问题:

  1. 我们也可以设置 POST 方法的主体吗?或者设置params和设置body一样?
  2. 如果可以的话,我应该如何提取服务器端的数据?

PS:我们没有使用 SSL HTTPS 连接。话虽如此,可以合并哪种方法以获得更好的安全性?

iron-ajax的api文档定义body属性如下:

body
Object default:
Body content to send with the request, typically used with "POST" requests.
If body is a string it will be sent unmodified.
If Content-Type is set to a value listed below, then the body will be encoded accordingly.

content-type="application/json"
    body is encoded like {"foo":"bar baz","x":1}
content-type="application/x-www-form-urlencoded"
    body is encoded like foo=bar+baz&x=1

Otherwise the body will be passed to the browser unmodified, and it will handle any encoding (e.g. for FormData, Blob, ArrayBuffer).

要将数据作为正文发送,您应该按如下方式修改您的请求

<iron-ajax
        id="AjaxPost"
        url="/api/login"
        method="POST"
        content-type="application/json"
        handle-as="json"
        on-response="_handleAjaxPostResponse"
        on-error="_handleAjaxPostError"
        ></iron-ajax>


this.$.AjaxPost.body = { "email": "abc@gmail.com", "password": "password" };
this.$.AjaxPost.generateRequest();