I saw that all controller methods are open to GET and POST. How can I ensure that only POST is permitted for some methods?
If you are using action blueprints to automatically route URLs to custom controller actions, then those actions will respond to GET, PUT, POST, DELETE and PATCH methods by default. If you'd rather control which methods are allowed, you have a few choices:
1. Disable certain methods using custom routes in your config/routes.js file. For example, if you have a foo action in UserController.js that you don't want to allow GET requests for, you can add the following custom route:
       "GET /user/foo": {response: 'forbidden'}
   to automatically route it to the "forbidden" response (same as doing res.forbidden() in a controller).
2. Test req.method within the action itself, and return early for methods you don't want to process:
       if (req.method.toUpperCase() == 'GET') {return res.forbidden();}
3. Disable action routes by setting actions to false in your config/blueprints.js file. You'll then have to set up all your routes manually in your config/routes.js file.
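An added example, not part of the original answer: the in-action check on req.method written as an allowlist, so that PUT, DELETE and PATCH are rejected along with GET instead of only the one method tested for. `onlyMethods`, `mockRes` and `probe` are hypothetical names introduced here; only `req.method`, `res.forbidden()` and `res.ok()` come from Sails.

```javascript
// Allowlist wrapper for a Sails-style action with the (req, res) signature.
// onlyMethods is a hypothetical helper, not a Sails API.
function onlyMethods(allowed, action) {
  const allow = new Set(allowed.map((m) => m.toUpperCase()));
  return function (req, res) {
    const method = String(req.method || '').toUpperCase();
    if (!allow.has(method)) {
      // Same response the answer uses for rejected methods.
      return res.forbidden();
    }
    return action(req, res);
  };
}

// Constructed action, as it could be exported from UserController.js:
//   module.exports = { foo: onlyMethods(['POST'], function (req, res) { ... }) };
const foo = onlyMethods(['POST'], function (req, res) {
  return res.ok('processed');
});

// Minimal stand-in for the Sails response object so the block runs offline.
function mockRes() {
  const res = { status: null, body: null };
  res.forbidden = () => { res.status = 403; return res; };
  res.ok = (body) => { res.status = 200; res.body = body; return res; };
  return res;
}

// Returns the status each HTTP method receives from the wrapped action.
function probe(action, methods) {
  const out = {};
  for (const m of methods) {
    out[m] = action({ method: m }, mockRes()).status;
  }
  return out;
}

console.log(probe(foo, ['GET', 'POST', 'PUT', 'DELETE', 'PATCH']));
```
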