0

I made API server with Django rest framework.

It is quite simple board, But I have some question about delete article.

When delete article, METHOD will be DELETE.

In previous code, I receive parameter(ex. password) to HTTP Body, and it works perfectly.

But after I inspect about this, DELETE Method with HTTP body is not a standard.

So, delete method with http body is bad havior?

Is there any solution about this?

Hide
  • 3,199
  • 7
  • 41
  • 83
  • The id of the deleted article should be passed in the `url`, retrieve it (id) from the delete `view` and delete the article. – Youssef BH Jun 24 '18 at 12:11
  • @YusefBH Already article id passed by url. But, article should delete when passed password == database's password. So I have to passed password to my server. My question is `Passed parameter to http body with delete method` is correct way? – Hide Jun 24 '18 at 12:32
  • No, is not the standard way of doing it, you should authenticate the user first, if it's not authenticated he can not delete articles. – Youssef BH Jun 24 '18 at 12:34
  • @YusefBH There is no authenticate system. Because it is anonymout board so user do not have to login, just write the article with password. – Hide Jun 24 '18 at 12:51
  • Ok. You can use the HTTP `Authorization` request header with the `credentials`, and make sure to use it over `HTTPS` otherwise, credentials are sent in clear text over the network. – Youssef BH Jun 24 '18 at 14:21

0 Answers0