Reputation: 15742
Secure deleting object
I have a table in which I can edit and delete all objects of the entity class persisted to the database.
When I now go to the delete-url: What is the best practise to secure the deletion, so that the user has to confirm the deleting?
A simple button or is there a better solution?
Upvotes: 0
Views: 1103
Answers (3)
Reputation: 105878
No! Don't do this! Don't provide a URL that directly deletes anything!
GET requests should be idempotent, and not doing so is actually a violation of the HTTP specification.
Destructive actions within your application should execute as POST requests.
A JavaScript-driven confirmation dialog is a nice UI feature, but it does not fix the problem!
Upvotes: 7
Reputation: 1245
An alert on the button is not enough. If the URL is entered directly in your browser, the record is deleted. You need to ensure request is made with POST verb.
Upvotes: 1
Reputation: 9957
You can capture the onclick event of the button with javascript and show a popup allowing the user to confirm the deletion.
Upvotes: 1
Related Questions
- How to delete Entity from the database in Symfony
- Completely delete Entity from symfony 4
- How do I delete an entity from symfony2
- Symfony Doctrine Prevent Particular Entity's Record Deletion
- Delete record from database symfony
- Secure the removal of an entity with Symfony 2
- Preventing removal of entity
- Deleting entities non-destructively in Symfony2
- Symfony2: Delete entity through post request (improvements required)
- Delete ACL when deleting an entity in Symfony2