HTTP Method Spoofing HTML Forms
In this lesson, we'll learn how we can enable HTTP Method Spoofing to allow AdonisJS to spoof intended HTTP Verbs for basic HTML form POST requests.
Author: Tom Gobich
Published: Feb 17
Duration: 3m 3s
Developer, dog lover, and burrito eater. Currently teaching AdonisJS, a fully featured NodeJS framework, and running Adocasts where I post new lessons weekly. Professionally, I work with JavaScript, .Net C#, and SQL Server.
Adocasts
Burlington, KY
Transcript
So we left off with everything working with our form, but with our request, we're still using post when we want to actually be using delete. And the reason we're doing that is because HTML forms really only support post out of the HTTP methods that we're looking to use.

And that's where HTTP method spoofing comes into play, and AdonisJS supports it. So it essentially allows us to spoof the underlying HTTP method that we want to use with our HTML form, essentially allowing us to tell Adonis that although we're submitting a post request with our form, we actually want to use a put, patch or delete HTTP method to match against this particular route's usage.

So for this, we'd be able to switch our router for our flush back to a delete method. So we can give that a save.

And by default, AdonisJS starts with this off. But if we dive into our app configuration and we scroll down a little bit, we should see underneath the HTTP config, a property called allowMethodSpoofing. By default, as I said, this is set to false, but we can switch this to true and now we can use it within our application.

So to use it, we dive back into our homepage where our form is and where we're generating out our route. What we want to do is add on an additional query string with an underscore method key, setting the particular HTTP method that we want to use. At the end of the day, that would look something like slash Redis slash flush, question mark to enter in our query string, underscore method equals, and then the delete HTTP method that we want to use.

With AdonisJS's route function, the second argument is going to be for route parameters as we're using within our navigation and whenever we're using our movie show page. But the third argument is where we can set configuration options, including query string information. We can provide that in as an object where the key is underscore method and the value is then delete, just like so.

So if we give this a save, jump back into our browser, let's open up our inspect for our network panel real quick. So network panel right there to make sure that we have persist logs still on, and it is. Let's hit our flush Redis DB button. Okay, we saw everything go out. Let's scroll back up to our flush call. And you can see a query string with underscore method equals delete is now being sent out with our request's URL. Everything else behaved the exact same as before.

We can dive back into our terminal to ensure that everything worked correctly. And sure enough, we reached our flushing Redis DB console log, ensuring that we actually entered the route handler for our Redis flush route handler.

So with this HTTP method spoofing, we can now make full use of the HTTP verbs. By default, forms will be post already, but we can additionally add in now put, patch and delete verbs on our base HTML forms.

Note that you still want the underlying method attribute on the form itself to be post because that will allow the HTML form to send up to our server as usual. But now Adonis will use the underscore method whenever matching against routes to discern its intended HTTP verb to match against our route definitions.
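
The routing rule described in the transcript, as an added JavaScript sketch that is not code from the lesson or from AdonisJS: it shows which requests end up on a DELETE route when the setting is off, when it is on, and when the request was never a POST. The names resolveMethod and matchRoute, the route table, the lowercase path and the PUT/PATCH/DELETE allowlist are assumptions of this example.

```javascript
// Added sketch of the rule the lesson describes; not AdonisJS source code.
// resolveMethod, matchRoute and the sample route are hypothetical names.
const SPOOFABLE = new Set(['PUT', 'PATCH', 'DELETE']); // verbs named in the lesson

function resolveMethod(httpMethod, url, config = {}) {
  const intended = String(httpMethod).toUpperCase();
  // Spoofing is opt-in, and only a real POST may be re-labelled. A plain link
  // (GET) carrying ?_method=DELETE must never reach a DELETE handler.
  if (!config.allowMethodSpoofing || intended !== 'POST') return intended;
  const query = new URL(url, 'http://localhost').searchParams;
  const requested = (query.get('_method') || '').toUpperCase();
  // Anything outside the allowlist falls back to the real method.
  return SPOOFABLE.has(requested) ? requested : intended;
}

function matchRoute(routes, httpMethod, url, config) {
  const method = resolveMethod(httpMethod, url, config);
  const path = new URL(url, 'http://localhost').pathname;
  const route = routes.find((r) => r.method === method && r.path === path);
  return route ? route.name : null;
}

// Constructed route table and form action URL (path casing is assumed).
const routes = [{ method: 'DELETE', path: '/redis/flush', name: 'redis.flush' }];
const formUrl = '/redis/flush?_method=DELETE';

function demo() {
  return {
    // Setting left at its default: the POST does not match the DELETE route.
    spoofingOff: matchRoute(routes, 'POST', formUrl, { allowMethodSpoofing: false }),
    // Setting enabled: the form's POST is matched as DELETE.
    spoofingOn: matchRoute(routes, 'POST', formUrl, { allowMethodSpoofing: true }),
    // A GET with the same query string is still a GET.
    getLink: matchRoute(routes, 'GET', formUrl, { allowMethodSpoofing: true }),
    // A verb outside the allowlist is ignored.
    unknownVerb: resolveMethod('POST', '/redis/flush?_method=TRACE', { allowMethodSpoofing: true }),
  };
}

console.log(demo());
```

When turning the setting on, the case worth checking in your own application is the third one: no state-changing route should become reachable from a GET, whatever the underscore method value says.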