-2

Currently I have this code:

    $('#confirm-delete-task-button').click(function() {
        $(location).attr('href', '{{ path('tasks_delete', {'id': task.getId()}) }}');
    });

So on the button press, the delete page is loaded. The problem with this though is that someone could potentially delete a task simply by typing in the wrong URL, which I don't want to happen.

Is it possible with jQuery, to POST data to that page? I still want it to load on screen so I don't need any ajax or anything... I just want to submit POST data in jQuery.

Any advice welcome, thanks.

b85411
  • 8,054
  • 10
  • 54
  • 109
  • 1
    Changing the request from GET to POST doesn't make it any more secure. If you want to stop accidental deletions, it would be best to request confirmation on the UI, and possibly generate a token to verify the request depending on the level of security you need. You should also check on the server side that the current user has permissions to access the data etc. – Rory McCrossan Jun 30 '15 at 08:33
  • If you want to post something without leaving the screen you have to use Ajax.. – Rickert Jun 30 '15 at 08:37

1 Answers1

1

You can do it using jquery but it is a bit of a hack (JavaScript post request like a form submit).

I personally would wrap your delete buttons in forms for a much more robust approach:

<form method="post" action="{{ path('tasks_delete', {'id': task.getId()}) }}">
    <button type="submit">Delete</button>
</form>

You can still use jquery if you wanted some kind of confirmation dialog before submitting the form.

Community
  • 1
  • 1
dk80
  • 516
  • 2
  • 12