yongsing
asked on
Change HTTP GET to HTTP POST
I have one JSP page with a hyperlink. The URL for this link is like this:
http://localhost:7001/ple/SomeAction.do?action=something&appId=1234
When the link is clicked, some Struts action class will be called, and two parameters, action and appId, will be passed in. Everything works perfectly fine for us.
Now, this is an HTTP GET. Due to security concern, how do I convert it to an HTTP POST so that the user is not able to see the parmater list on his browser's status bar when his mouse is hovering over the hyperlink?
I'm guessing that the easiest way is to call a JavaScript method when the link is called, and that method will set the parameter values, and then perform a submit.
Also, the backend action class would need to check that only HTTP POST submission is acceptable.
Thankis in advance.
http://localhost:7001/ple/SomeAction.do?action=something&appId=1234
When the link is clicked, some Struts action class will be called, and two parameters, action and appId, will be passed in. Everything works perfectly fine for us.
Now, this is an HTTP GET. Due to security concern, how do I convert it to an HTTP POST so that the user is not able to see the parmater list on his browser's status bar when his mouse is hovering over the hyperlink?
I'm guessing that the easiest way is to call a JavaScript method when the link is called, and that method will set the parameter values, and then perform a submit.
Also, the backend action class would need to check that only HTTP POST submission is acceptable.
Thankis in advance.
ASKER
I have multiple of these hyperlinks in the page, and they are different only in the parameters:
http://localhost:7001/ple/SomeAction.do?action=something&appId=1234
http://localhost:7001/ple/SomeAction.do?action=something&appId=1235
http://localhost:7001/ple/SomeAction.do?action=something&appId=1236
How do you set the value for each parameter? For example, I set appId to 1236 if the 3rd link is clicked.
And how to use POST in <html:form>?
Can you be more specific? Is there a JavaScript method that I need to call?
http://localhost:7001/ple/SomeAction.do?action=something&appId=1234
http://localhost:7001/ple/SomeAction.do?action=something&appId=1235
http://localhost:7001/ple/SomeAction.do?action=something&appId=1236
How do you set the value for each parameter? For example, I set appId to 1236 if the 3rd link is clicked.
And how to use POST in <html:form>?
Can you be more specific? Is there a JavaScript method that I need to call?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Note that if security is a concern, no matter what you do, someone could just look at the page source to see the parameters in question. May I ask what security concerns there are? If it's just a random number for some product or application then I see no harm in this being visible.
Also, a javascript solution for something such as links is never good as some people may have JS disabled and they won't be able to navigate your site.
Also, a javascript solution for something such as links is never good as some people may have JS disabled and they won't be able to navigate your site.
ASKER
I think the main concern for our client is that they do not want to use HTTP GET, especially for the user to manually enter the URL (http://localhost:7001/ple/SomeAction.do?action=something&appId=1234) to retrieve the desired page.
did you try my code?
give <html:form method="POST">
ASKER
melchkishore,
Your codes should work though I haven't tried it out yet. I will get back to you again.
Your codes should work though I haven't tried it out yet. I will get back to you again.
like
<input type="hidden" name= "action" value="something">
<input type="hidden" name="appId" value="1234">
and in <html:form> only use POST.
let me know if any concerns.