According to a normal point of view, we can never trust the data from the front end, but for example, when submitting a form, my front-end js needs to be verified, and the back-end needs to be verified. It’s better to have less things to verify, but more (the rules are complicated) ) is troublesome. Is there any way to ensure that the front-end data is legal, or that the back-end can simply verify it (it’s a bit like a form token, although it is used to prevent repeated submissions)
According to a normal point of view, we can never trust the data from the front end, but for example, when submitting a form, my front-end js needs to be verified, and the back-end needs to be verified. It’s better to have less things to verify, but more (the rules are complicated) ) is troublesome. Is there any way to ensure that the front-end data is legal, or that the back-end can simply verify it (it’s a bit like a form token, although it is used to prevent repeated submissions)
Front-end verification only improves user experience, while back-end verification is a must.
Regarding your question, you can search the topic Front-end and back-end isomorphism . The general approach is to use nodejs as the middle layer, and deploy a set of front-end verification code in nodejs to avoid the back-end (the back-end here refers to The backend that communicates with nodejs, not nodejs itself) and then re-implement the verification logic.
Use a framework, such as yii,
Each form defines a Form model in the model layer, which defines some rules methods. It comes with many verification rules, such as email, string length, enumeration, etc. Of course, special rules can also be defined by yourself.
The best way to prevent repeated submissions or machine simulation submissions is to add verification codes.
Is there any way to ensure that the front-end data is legal, or the back-end can simply verify it
The questioner also said that you must not trust the front-end data. If the front-end performs any validation, the back-end must also perform consistent validation.
The background must be verified, because requests can be sent to the backend through simulation, thus skipping the front-end verification
No matter how good the verification done by the front end is. The backend still needs to ensure complete verification. It cannot be simply verified.
You cannot guarantee that the person sending the data sent the data through your set of verification.
In addition, front-end verification can also be regarded as improving the user experience.
So, when you write the verification, ask the front-end for a copy of the verification code they wrote and change it (smile)Is there any way to ensure that the front-end data must be legal? Then we must ensure that the data received by the back-end must come from the verified front-end. This is difficult to do on the Web