Mercurial > gemma

changeset 454:516f0f84fe39

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
client: change login method from GET to POST * Add `qs` as dependency for encoding form data because it is recommended by the axios documentation.
author Bernhard Reiter <bernhard@intevation.de>
date Wed, 22 Aug 2018 11:53:40 +0200
parents a7dc68d8e22f
children 1c4834aa7776
files client/package.json client/src/stores/user.js client/yarn.lock
diffstat 3 files changed, 6 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/client/package.json	Wed Aug 22 11:05:59 2018 +0200
+++ b/client/package.json	Wed Aug 22 11:53:40 2018 +0200
@@ -18,6 +18,7 @@
     "font-awesome": "^4.7.0",
     "locale2": "^2.2.0",
     "ol": "^5.0.0",
+    "qs": "^6.5.2",
     "vue": "^2.5.16",
     "vue-router": "^3.0.1",
     "vuex": "^3.0.1"
--- a/client/src/stores/user.js	Wed Aug 22 11:05:59 2018 +0200
+++ b/client/src/stores/user.js	Wed Aug 22 11:53:40 2018 +0200
@@ -1,4 +1,5 @@
 import { HTTP } from "../lib/http";
+import qs from "qs";
 
 const User = {
   namespaced: true,
@@ -62,8 +63,10 @@
   },
   actions: {
     login({ commit }, user) {
+      // using POST is a bit more secure than GET
       return new Promise((resolve, reject) => {
-        HTTP.get("/login", { params: user })
+        // axios will add the application/x-www-form-urlencoded header this way
+        HTTP.post("/login", qs.stringify(user))
           .then(response => {
             commit("auth_success", response.data);
             resolve(response);
--- a/client/yarn.lock	Wed Aug 22 11:05:59 2018 +0200
+++ b/client/yarn.lock	Wed Aug 22 11:53:40 2018 +0200
@@ -7278,7 +7278,7 @@
   version "6.5.1"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.1.tgz#349cdf6eef89ec45c12d7d5eb3fc0c870343a6d8"
 
-qs@~6.5.1, qs@~6.5.2:
+qs@^6.5.2, qs@~6.5.1, qs@~6.5.2:
   version "6.5.2"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36"