Convert page create/submit in Dash to full form for data submission #55
As of right now, the Dash uses the Admin API to submit page create/edit stuff, which is workable, but as the base Dash is a part of the system, it should be submitting data directly to the backend with a form rather than the API.
Using the API should be reserved for remote experiences and/or people who want to make their own admin experience. The Dash shouldn't be using the API because it doesn't have to.
So I did some research on secure form transmission and thought about what would be best, and decided to keep the current API setup because one of the coolest things about Fipamo is the API and I want to keep that as robust as possible.
That said, form submission should be as secure as possible, so that means making some changes to both backend to prevent spoofing and verify that the form being submitted is legit from the Dashboard UI.
I'm going to add a token challenge and lock down the fields being submitted to make sure both of these are accomplished. If the token challenge fails or the fields being submitted don't match, the form submission will be rejected.
I'm toying with the idea of adding a log to keep track of failed submissions, but if I do, I'll make that another separate issue.
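
One way to implement the check described above (a token challenge plus a fixed field list, rejecting on either failure), added here as an illustration and not taken from Fipamo's code. The field names, the HMAC-over-session-id token scheme and every function name are assumptions.

```javascript
// Added example; all identifiers are hypothetical, not Fipamo's.
const crypto = require("node:crypto");

// Assumed field list for the page create/edit form.
const ALLOWED_FIELDS = ["title", "tags", "content", "form_token"];

// Token issued when the Dash renders the form: HMAC(serverSecret, sessionId).
// Binding it to the session means a token lifted from one session fails in another.
function issueToken(secret, sessionId) {
  return crypto.createHmac("sha256", secret).update(sessionId).digest("hex");
}

// Constant-time comparison of the presented token against the expected one.
function tokenMatches(secret, sessionId, presented) {
  const expected = Buffer.from(issueToken(secret, sessionId), "utf8");
  const given = Buffer.from(String(presented || ""), "utf8");
  // timingSafeEqual throws on unequal lengths, so check length first.
  return given.length === expected.length &&
    crypto.timingSafeEqual(expected, given);
}

// Reject unless the token is valid AND the submitted field names are
// exactly the allowed set (no extras, none missing).
function validateSubmission(secret, sessionId, body) {
  if (!tokenMatches(secret, sessionId, body.form_token)) {
    return { ok: false, reason: "token" };
  }
  const got = Object.keys(body).sort();
  const want = [...ALLOWED_FIELDS].sort();
  const sameFields = got.length === want.length &&
    got.every((name, i) => name === want[i]);
  if (!sameFields) {
    return { ok: false, reason: "fields" };
  }
  return { ok: true, reason: null };
}

// Constructed sample submission carrying one field the form never had.
const demoSecret = "constructed-demo-secret";
const demoBody = {
  title: "Hello", tags: "a,b", content: "text", is_admin: "1",
  form_token: issueToken(demoSecret, "session-123"),
};
console.log(validateSubmission(demoSecret, "session-123", demoBody));
```

The `reason` value is what a failed-submission log would record if one is added later.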