django url反向隐藏关键字参数

时间:2022-09-04 12:16:06

Consider a request coming from this url /messages/compose/(?P<recipients>[\+\.\w]+)/ where recipients is usernames separated by + sign. After success (message to recipients successfully sent) i am doing:

考虑来自此url /messages/compose/(?P [\ + \\。\ w] +)/的请求,其中收件人是用+号分隔的用户名。成功后(收件人成功发送的消息)我正在做:

#success_url = 'message_send_success'
recipients = '+'.join([obj.username for obj in recipients]) #converting them back to original string
reverse(success_url, kwargs={'recipients': recipients})

This is the url to whom it match:

这是它匹配的网址:

url(r'^/messages/success/(?P<recipients>[\+\.\w]+)$', 'site.views.message_send_success', name='message_send_success')

But it will show all recipients in the url, is there any away i can hide those recipients string to be displayed in url and can access it in request??

但它会在网址中显示所有收件人,有没有我可以隐藏那些收件人字符串显示在网址中,并可以在请求中访问它?

2 个解决方案

#1


0  

Not if you're using a redirect. Django has a "shared-nothing" architecture, which means that between one request and the next no user state persists on the server. For this reason, Django can't (automatically) "remember" what your recipients were before the redirect, so it can access them in the next HTTP request.

如果您使用重定向,则不会。 Django有一个“无共享”架构,这意味着在一个请求和下一个请求之间没有用户状态在服务器上持续存在。出于这个原因,Django不能(自动)“记住”重定向之前收件人的内容,因此它可以在下一个HTTP请求中访问它们。

What are your reasons for wanting to hide them? Is there sensitive information you can't send back to the client, or something like that? One option to avoid that is to simply repeat the information the client sent (i.e. the original recipients parameter) and have the success view redo the operations that compose did on them.

你想隐藏它们的原因是什么?是否有敏感信息无法发送回客户端,或类似的东西?避免这种情况的一个选择是简单地重复客户端发送的信息(即原始收件人参数),并使成功视图重做组成的操作。

#2


1  

Maybe you want to use base64 library:

也许你想使用base64库:

>>> base64.b64encode("what is that?")
'd2hhdCBpcyB0aGF0Pw=='
>>> base64.b64decode("d2hhdCBpcyB0aGF0Pw==")
'what is that?'

Note: if you want to have more safety urls, you should do some translations on that string (otherwise other user that know base (en)coding will easily decode your value.

注意:如果您想要更多安全网址,您应该对该字符串进行一些翻译(否则其他知道base(en)编码的用户将很容易解码您的值。

#1


0  

Not if you're using a redirect. Django has a "shared-nothing" architecture, which means that between one request and the next no user state persists on the server. For this reason, Django can't (automatically) "remember" what your recipients were before the redirect, so it can access them in the next HTTP request.

如果您使用重定向,则不会。 Django有一个“无共享”架构,这意味着在一个请求和下一个请求之间没有用户状态在服务器上持续存在。出于这个原因,Django不能(自动)“记住”重定向之前收件人的内容,因此它可以在下一个HTTP请求中访问它们。

What are your reasons for wanting to hide them? Is there sensitive information you can't send back to the client, or something like that? One option to avoid that is to simply repeat the information the client sent (i.e. the original recipients parameter) and have the success view redo the operations that compose did on them.

你想隐藏它们的原因是什么?是否有敏感信息无法发送回客户端,或类似的东西?避免这种情况的一个选择是简单地重复客户端发送的信息(即原始收件人参数),并使成功视图重做组成的操作。

#2


1  

Maybe you want to use base64 library:

也许你想使用base64库:

>>> base64.b64encode("what is that?")
'd2hhdCBpcyB0aGF0Pw=='
>>> base64.b64decode("d2hhdCBpcyB0aGF0Pw==")
'what is that?'

Note: if you want to have more safety urls, you should do some translations on that string (otherwise other user that know base (en)coding will easily decode your value.

注意:如果您想要更多安全网址,您应该对该字符串进行一些翻译(否则其他知道base(en)编码的用户将很容易解码您的值。