javascript - res.redirect not working after the page is rendered with data


I have a simple forget-password functionality: when a user requests a change of password, they receive an email with a token, and on clicking the link in the email they are redirected to a page that takes the new password.

What happens is that when I click on the link in the email, the server gets the request, a function takes the data out of the link and renders the page with that data (using res.render), and then should redirect to the rendered page.

The problem I am facing is that when I click on the link I am getting the data and the page is rendered, but I can't get res.redirect() to work.

My link looks like this:

http://localhost:3000/api/resetpassword?_csrf=ab8aa6a41567f817330e3e0a214725f8b2f88b487d5bef16f162e033c6a63dc41933511ddb79cb44ca049f472b3e0c593dbbaf&email=dummyemail%2540dumyurl.ca 

and I handle the request on the server using app.get():

    app.get('/api/resetpassword', admin.resetpasswordpage);

and the rendering and redirecting function looks like this:

    resetpasswordpage: function (req, res, next) {
        req.query.email = decodeURIComponent(req.query.email);
        // Render the EJS view to a string, then try to redirect
        res.render('resetpassword', {
            email: req.query.email,
            csrf: req.query._csrf,
        }, function (err, html) {
            console.log("testing html ", html);
            if (!err)
                res.redirect("/resetpassword");
        });
    }

The rendering is successful and I am getting the complete HTML of the page in the html parameter; my question is how to redirect to the page. The page is made in EJS and is in the views folder.

It sounds like you want this flow:

  1. The user clicks a link to /api/resetpassword...
  2. Express runs the resetpasswordpage function
  3. resetpasswordpage responds with the reset password form HTML page, pre-filled out based on the query parameters
  4. I think at this point you don't like the URL in the browser address bar, which is why you think you need to redirect. But you need the query string parameters, and if you redirect to /resetpassword, you'll lose them. So either have them live in the URL (which I recommend as it's simplest) or rely on session state and a session cookie. However, marking the session as passwordresetok=true exposes you to a whole bunch of CSRF attacks that the _csrf query string parameter is there to prevent.
  5. You don't need a redirect here, the browser has the form. The next step is for the user to fill out the form and submit it: <form method="post" action="/resetpassword">
  6. The browser will POST to /resetpassword
  7. Express routes that to a function that changes the password and either sends a success page or redirects to the home page or whatever

So, long story short, I think you need to accept the URL as being what it is, and you don't need a redirect in here until after the password reset operation completes.
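The flow in the answer above, as an added sketch that is not part of the original question or answer: the GET handler renders the form without redirecting, and the POST handler re-checks the token before changing the password and only then redirects. The in-memory `resetTokens` store, the 15-minute lifetime, and the names `issueResetToken`, `tokenIsValid`, `showResetForm`, `makeResetPostHandler` and `savePassword` are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const resetTokens = new Map();        // assumption: in-memory store, email -> { hash, expires }
const TOKEN_TTL_MS = 15 * 60 * 1000;  // assumption: 15-minute token lifetime
const sha256 = (s) => crypto.createHash("sha256").update(String(s)).digest();

// Called when the reset e-mail is sent. Only a hash of the token is stored.
function issueResetToken(email, now = Date.now()) {
  const token = crypto.randomBytes(32).toString("hex");
  resetTokens.set(email, { hash: sha256(token), expires: now + TOKEN_TTL_MS });
  return token;
}

// Constant-time comparison of the presented token with the stored hash.
function tokenIsValid(email, token, now = Date.now()) {
  const entry = resetTokens.get(email);
  if (!entry || now > entry.expires) return false;
  return crypto.timingSafeEqual(entry.hash, sha256(token));
}

// GET /api/resetpassword: render the form and stop. No redirect, so the
// e-mail and token reach the view and can be posted back as hidden fields.
function showResetForm(req, res) {
  const { email, _csrf } = req.query;
  if (!tokenIsValid(email, _csrf)) return res.status(400).send("Invalid or expired link");
  return res.render("resetpassword", { email, csrf: _csrf });
}

// POST /resetpassword: verify the token again, consume it, change the
// password, and redirect only after the reset has completed.
function makeResetPostHandler(savePassword) { // savePassword: hypothetical persistence callback
  return function (req, res) {
    const { email, _csrf, password } = req.body;
    if (!tokenIsValid(email, _csrf)) return res.status(400).send("Invalid or expired link");
    resetTokens.delete(email); // single use: a replayed link or form is rejected
    savePassword(email, password);
    return res.redirect("/");
  };
}
```

With Express these would be mounted as `app.get('/api/resetpassword', showResetForm)` and `app.post('/resetpassword', makeResetPostHandler(...))`, with `express.urlencoded()` populating `req.body`.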

