Convert page create/submit in Dash to full form for data submission
#55
Closed
opened 3 years ago by are0h · 1 comment
As of right now, the Dash uses the Admin API to submit page create/edit stuff, which is workable, but as the base Dash is a part of the system, it should be submitting data directly to the backend with a form rather than the API.
Using the API should be reserved for remote experiences and/or people who want to make their own admin experience. The Dash shouldn't be using the API because it doesn't have to.
So I did some research on secure form transmission and thought about what would be best and decided to keep the current API setup because one of the coolest things about Fipamo is the API and I want to keep that as robust as possible.
That said, form submission should be as secure as possible, so that means making some changes to both backend to prevent spoofing and verify that the form being submitted is legit from the Dashboard UI.
I'm going to add a token challenge and lock down the fields being submitted to make sure both of these are accomplished. If the token challenge fails or the fields being submitted don't match, the form submission will be rejected.
I'm toying with the idea of adding a log to keep track of failed submissions but if I do I'll make that another separate issue.
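
The token challenge and field lock-down described in the comment above, as an added example that is not part of the original issue and is not Fipamo's code. The field names, the `nonce.timestamp.mac` token layout, the 15-minute lifetime and the choice of Python are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Hypothetical field set for a page create/edit form (assumed names).
ALLOWED_FIELDS = frozenset({"title", "content", "tags", "form_token"})
TOKEN_TTL = 900  # seconds a rendered form stays valid (assumed value)


def _mac(secret, session_id, nonce, ts):
    """HMAC over the session id, nonce and issue time."""
    msg = f"{session_id}.{nonce}.{ts}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_token(secret, session_id, now=None):
    """Token embedded in the rendered form, bound to the user's session."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    return f"{nonce}.{ts}.{_mac(secret, session_id, nonce, ts)}"


def verify_submission(secret, session_id, form, now=None):
    """Return (accepted, reason); reject on any token or field mismatch."""
    # Field lock-down: submitted names must match the expected set exactly,
    # so extra fields (mass assignment) and stripped fields are both refused.
    if set(form) != ALLOWED_FIELDS:
        return False, "unexpected or missing fields"
    parts = str(form["form_token"]).split(".")
    if len(parts) != 3:
        return False, "malformed token"
    nonce, ts, mac = parts
    expected = _mac(secret, session_id, nonce, ts)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "token challenge failed"
    # The MAC covers ts, so it is the integer string issue_token produced.
    current = time.time() if now is None else now
    if current - int(ts) > TOKEN_TTL:
        return False, "token expired"
    return True, "ok"
```

The token here is not single-use: replay within the lifetime is limited only by the session binding, so a one-time nonce store would be a separate addition.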