Hapi-method-change NPM

hapi-method-change

Hapi plugin for changing form methods from post to put, delete or patch.

Similar to the approach taken by Express/Sails, and Rails

Note: The request pipeline in hapi allows incoming request methods to be changed at the 'onRequest' extension point of the request lifecycle. At this point however, the request stream has not been processed, and so 'payload'/form data is not yet available. This means that in addition to the hidden form field approach taken by Express and Rails, we'll need to include a query string 'signal' to trigger the method change, and then later in the pipeline verify the method against the hidden form field value. The extra verification is needed to protect against malicious changes of querystring values. For example, a 'get' request that's been changed to a 'delete' request.

The form will therefore need both a querystring value, and a hidden field for the requested method.

<form action="/users/112?_method=delete" method="POST">
  <input name="_method" id="_method" value="delete" type="hidden" />
  ...
</form>

Also note that if you use this plugin in combination with the Crumb csrf module, the crumb module will need to be patched as follows: https://github.com/58bits/crumb/blob/master/lib/index.js#L95

Installation

npm install hapi-method-change --save

Registering the Plugin

server.register(require('hapi-method-change'), function(err) {
  if (err) {
    console.log('Failed loading plugin');
  }
});

hapi plugin post

@infinitebrahmanuniverse/nolb-hapi-m @everything-registry/sub-chunk-1824

1.0.0

10 years ago