Reputation: 169
So this question is related to a popular express library (I think) called request https://github.com/request/request
I've been scrolling through its README.md and I'm either blind or I'm having a hard time finding a way to send params in a GET request. The API service I'm using tells me to
"send a GET request to the /1/login endpoint with username and password as URL-encoded parameters:"
I don't believe I should be using streaming, forms, HTTP authentication, custom HTTP headers, OAuth signing, proxies, Unix Domain Sockets, or the TLS/SSL protocol. Do I encode it and send it as query parameters? Which doesn't seem safe because I'm using the service for logging in users. Crossing fingers that this isn't a dumb question.
Upvotes: 1
Views: 64
Reputation: 11072
To send query string parameters with the request library, use the qs option:
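    const request = require('request');

    // The `qs` object is serialized and appended to the URI as the query string
    request({
      method: 'GET',
      uri: 'https://google.com/search',
      qs: {
        q: 'search query',
      }
    }, function (err, res, body) {
      if (err) { return console.error(err); }
      console.log(body);
    });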
You are correct to be cautious about credentials.
IMO for most applications you can use HTTPS throughout your site, POST username/password as a form body or JSON, and rely on TLS to protect the data in transit.
Mixing HTTP and HTTPS is risky, e.g. an HTTP page containing a link to https://domain.com/login is vulnerable to the "sslstrip" attack (where an attacker poisons the HTTP code, replacing the link with http://attacker.com/?spoof=https://domain.com/login).
I advise against making (in-browser) GET requests with username/password in the query string because they'll show up in the address bar and someone can look over the user's shoulder.
Upvotes: 1
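An added example, not part of the original answer: it compares where the credentials end up for the two request shapes discussed above, a GET with `qs` versus an HTTPS POST with a `form` body, and scrubs a URL before it is logged when an API insists on GET. It uses only Node built-ins and approximates the serialization rather than calling the request library. The host `api.example.com`, the credentials and all function names are constructed for illustration.

```javascript
// URL and URLSearchParams are Node globals; nothing is sent over the network.
// The option objects use the shape the request library accepts (method, uri, qs, form).
function loginViaQuery(base, creds) {
  return { method: 'GET', uri: new URL('/1/login', base).href, qs: creds };
}

function loginViaForm(base, creds) {
  const uri = new URL('/1/login', base);
  // Credentials are only protected in transit when the scheme is https.
  if (uri.protocol !== 'https:') {
    throw new Error('refusing to send credentials over ' + uri.protocol);
  }
  return { method: 'POST', uri: uri.href, form: creds };
}

// Approximate what leaves the client: the request line (the part that ends up
// in address bars, browser history and typical access logs) and the body.
function wireView(opts) {
  const url = new URL(opts.uri);
  for (const [k, v] of Object.entries(opts.qs || {})) {
    url.searchParams.append(k, v);
  }
  return {
    requestLine: `${opts.method} ${url.pathname}${url.search} HTTP/1.1`,
    body: opts.form ? new URLSearchParams(opts.form).toString() : '',
  };
}

// If the API insists on GET, scrub sensitive parameters before logging a URL.
function redactUrl(href, names = ['password']) {
  const url = new URL(href);
  for (const n of names) {
    if (url.searchParams.has(n)) url.searchParams.set(n, 'REDACTED');
  }
  return url.href;
}

const creds = { username: 'alice', password: 'p@ss w0rd' }; // constructed sample
const viaGet = wireView(loginViaQuery('https://api.example.com', creds));
const viaPost = wireView(loginViaForm('https://api.example.com', creds));

console.log(viaGet.requestLine);   // password is part of the URL
console.log(viaPost.requestLine);  // URL carries no credentials
console.log(viaPost.body);         // credentials travel in the body
console.log(redactUrl('https://api.example.com' + viaGet.requestLine.split(' ')[1]));
```

TLS encrypts the query string in transit just as it does the body; the difference shown here is where the value is visible at the two endpoints.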