node.js - Prevent users from accessing subdomain in Express -
I have web development and node. I'm very new to JS / Express. I have an express server, in my customer, I send a GET request for some data in DB. GET request
is controlled by app.get ('/ pathname', controller.getsomedata);
The problem is, users can now type URLs in the URL domainname.com/pathname and point to that pathname. If they include a specific question in domainname.com/pathname?query, then they are able to get data from DB (this is going to happen), but I would like to request only if / for pathname within the customer code , When the user does not enter the browser.
Is there a better way to make my GET request? Or there is no way to restrict users from using / path.
I apologize for the newbie question, but I do not know how to solve this, there is enough word to do a Google search. Thanks!
It is impossible to do so if your client-side code is reaching something, even malicious users Can do this.
You can reduce the problem by using a custom HTTP header or something like that, but it is better to validate all the data server-side.
Comments
Post a Comment