blob: b5cf96b3e8bdb5b52a123ad19cd24dc2395569a6 (
plain) (
tree)
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [99s-extend] Reading body_qs multiple times
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:extend%40lists.ninenines.eu?Subject=Re%3A%20%5B99s-extend%5D%20Reading%20body_qs%20multiple%20times&In-Reply-To=%3CCAJ0zLRN-62a9P7QhGz5q6qoj4WaWGv_4qzEznzzwb07Hqo-0QQ%40mail.gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000107.html">
<LINK REL="Next" HREF="000109.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[99s-extend] Reading body_qs multiple times</H1>
<B>rambocoder</B>
<A HREF="mailto:extend%40lists.ninenines.eu?Subject=Re%3A%20%5B99s-extend%5D%20Reading%20body_qs%20multiple%20times&In-Reply-To=%3CCAJ0zLRN-62a9P7QhGz5q6qoj4WaWGv_4qzEznzzwb07Hqo-0QQ%40mail.gmail.com%3E"
TITLE="[99s-extend] Reading body_qs multiple times">erlang at rambocoder.com
</A><BR>
<I>Mon Apr 15 22:45:42 CEST 2013</I>
<P><UL>
<LI>Previous message: <A HREF="000107.html">[99s-extend] populating #http_req for unit testing
</A></li>
<LI>Next message: <A HREF="000109.html">[99s-extend] Reading body_qs multiple times
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#108">[ date ]</a>
<a href="thread.html#108">[ thread ]</a>
<a href="subject.html#108">[ subject ]</a>
<a href="author.html#108">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Hello group,
I am trying to put together a CSRF middleware
<A HREF="https://github.com/rambocoder/stable/commit/b26980d292ac42aadfe9921a961436e28cdbb693">https://github.com/rambocoder/stable/commit/b26980d292ac42aadfe9921a961436e28cdbb693</A>
and
if the body of the request contains "_csrf" token, I check to make sure it
matches the csrf token in the session.
Currently I am doing it in middleware using cowboy_req:body_qs/1 however
when in the handler I need to read another body parameter, such as in the
rest_pastebin example:
{ok, BodyQs, Req3} = cowboy_req:body_qs(Req),
Paste = proplists:get_value(<<"paste">>, BodyQs),
cowboy_req:body_qs/1 returns [] due to the body of the request being
already read {body_state,done}
Is it pointless to have the type of CSRF middleware that I am writing and
just do the CSRF in the handler's callback, where I can deal with all the
body_qs at once?
Thank you,
rambocoder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <<A HREF="http://lists.ninenines.eu/archives/extend/attachments/20130415/03f35a62/attachment.html">http://lists.ninenines.eu/archives/extend/attachments/20130415/03f35a62/attachment.html</A>>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000107.html">[99s-extend] populating #http_req for unit testing
</A></li>
<LI>Next message: <A HREF="000109.html">[99s-extend] Reading body_qs multiple times
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#108">[ date ]</a>
<a href="thread.html#108">[ thread ]</a>
<a href="subject.html#108">[ subject ]</a>
<a href="author.html#108">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://lists.ninenines.eu/listinfo/extend">More information about the Extend
mailing list</a><br>
</body></html>
|
