Mercurial > gemma
changeset 454:516f0f84fe39
client: change login method from GET to POST
* Add `qs` as dependency for encoding form data because it is
recommended by the axios documentation.
author | Bernhard Reiter <bernhard@intevation.de> |
---|---|
date | Wed, 22 Aug 2018 11:53:40 +0200 |
parents | a7dc68d8e22f |
children | 1c4834aa7776 |
files | client/package.json client/src/stores/user.js client/yarn.lock |
diffstat | 3 files changed, 6 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/client/package.json Wed Aug 22 11:05:59 2018 +0200 +++ b/client/package.json Wed Aug 22 11:53:40 2018 +0200 @@ -18,6 +18,7 @@ "font-awesome": "^4.7.0", "locale2": "^2.2.0", "ol": "^5.0.0", + "qs": "^6.5.2", "vue": "^2.5.16", "vue-router": "^3.0.1", "vuex": "^3.0.1"
--- a/client/src/stores/user.js Wed Aug 22 11:05:59 2018 +0200 +++ b/client/src/stores/user.js Wed Aug 22 11:53:40 2018 +0200 @@ -1,4 +1,5 @@ import { HTTP } from "../lib/http"; +import qs from "qs"; const User = { namespaced: true, @@ -62,8 +63,10 @@ }, actions: { login({ commit }, user) { + // using POST is a bit more secure than GET return new Promise((resolve, reject) => { - HTTP.get("/login", { params: user }) + // axios will add the application/x-www-form-urlencoded header this way + HTTP.post("/login", qs.stringify(user)) .then(response => { commit("auth_success", response.data); resolve(response);
--- a/client/yarn.lock Wed Aug 22 11:05:59 2018 +0200 +++ b/client/yarn.lock Wed Aug 22 11:53:40 2018 +0200 @@ -7278,7 +7278,7 @@ version "6.5.1" resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.1.tgz#349cdf6eef89ec45c12d7d5eb3fc0c870343a6d8" -qs@~6.5.1, qs@~6.5.2: +qs@^6.5.2, qs@~6.5.1, qs@~6.5.2: version "6.5.2" resolved "https://registry.yarnpkg.com/qs/-/qs-6.5.2.tgz#cb3ae806e8740444584ef154ce8ee98d403f3e36"