Home > database >  Most secure way of sending data to DELETE request (req.params / req.query)
Most secure way of sending data to DELETE request (req.params / req.query)

Time:09-23

req.params property

We can call a DELETE request by using the req.params.id by gathering URL parameters for pointing to a record by its id for example to a backend route /users/delete/id/:id

req.query property

We can call a DELETE request by using req.query.id for extracting a JSON object and send it to a backend route /users/delete?id=2 to the controller/model for a record to be deleted like {"id": "2"}


Question

What is the safest way for sending data to DELETE requests in terms of security issues that a user may take advantage of directly or indirectly considering we already have a safe login system?

CodePudding user response:

If you were using GET or POST then the URL and body (if it wasn't JSON) might be vulnerable to CSRF attacks, but you can't trigger a DELETE request with cross-origin code (unless explicitly granted permission with a perflight CORS request).

You aren't, so it doesn't make any difference (at least from a security perspective).

  • Related