Convert page create/submit in Dash to full form for data submission #55

Closed
opened 2021-08-23 22:10:34 +02:00 by are0h · 1 comment
are0h commented 2021-08-23 22:10:34 +02:00 (Migrated from koodu.ubiqueros.com)

As of right now, the Dash uses the Admin API to submit page create/edit stuff, which is workable, but as the base Dash is a part of the system, it should be submitting data directly to the backend with a form rather than the API.

Using the API should be reserved for remote experiences and/or people who want to make their own admin experience. The Dash shouldn't be using the API because it doesn't have to.

are0h commented 2021-09-12 22:18:13 +02:00 (Migrated from koodu.ubiqueros.com)

So I did some research on secure form transmission and thought about what would be best and decided to keep the current API set up because one of the coolest things about Fipamo is the API and I want to keep that as robust as possible.

That said, form submission should be as secure as possible, so that means making some changes to both backend to prevent spoofing and verify that the form being submitted is legit from the Dashboard UI.

I'm going to add a token challenge and lock down the fields being submitted to make sure both of these are accomplished. If the token challenge fails or the fields being submitted don't match, the form submission will be rejected.

I'm toying with the idea of adding a log to keep track of failed submissions but if I do I'll make that another separate issue.
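
The check described in the comment above, sketched as an added example (not Fipamo's code and not written by the issue author): a form token bound to the session plus an exact match on the submitted field set. The HMAC token format, the 15-minute lifetime, and the field names are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Hypothetical field set for the page create/edit form (not Fipamo's real schema).
const ALLOWED_FIELDS = ['title', 'content', 'tags', 'form_token'];
const TOKEN_TTL_MS = 15 * 60 * 1000; // assumed token lifetime

function sign(secret, sessionId, expires) {
  return crypto.createHmac('sha256', secret).update(`${sessionId}.${expires}`).digest();
}

// Token rendered into the Dash form: "<expiry ms>.<hex HMAC over session id and expiry>".
function issueToken(secret, sessionId, now = Date.now()) {
  const expires = String(now + TOKEN_TTL_MS);
  return `${expires}.${sign(secret, sessionId, expires).toString('hex')}`;
}

function tokenIsValid(secret, sessionId, token, now = Date.now()) {
  if (typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 2) return false;
  const [expires, mac] = parts;
  // Shape checks first, so timingSafeEqual always compares two 32-byte buffers.
  if (!/^\d+$/.test(expires) || !/^[0-9a-f]{64}$/.test(mac)) return false;
  if (Number(expires) < now) return false; // expired
  return crypto.timingSafeEqual(sign(secret, sessionId, expires), Buffer.from(mac, 'hex'));
}

// Reject when the token challenge fails or the submitted fields are not
// exactly the expected set (nothing extra, nothing missing).
function checkSubmission(secret, sessionId, body, now = Date.now()) {
  if (!tokenIsValid(secret, sessionId, body.form_token, now)) {
    return { ok: false, reason: 'token' };
  }
  const got = Object.keys(body).sort();
  const want = [...ALLOWED_FIELDS].sort();
  if (got.length !== want.length || got.some((k, i) => k !== want[i])) {
    return { ok: false, reason: 'fields' };
  }
  return { ok: true, reason: null };
}
```

The `reason` value is what a failed-submission log, if one is added, would record.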

Reference: projects/fipamo#55