Separate POST URL from <form> element #408
VincentTam
started this conversation in
Show and tell
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Rationale
To prevent search bot from getting the API instance's URL and abusing it.
Reference
https://www.willmaster.com/library/manage-forms/bot-block-for-forms.php
Solution
<form action="" ...>
, or even remove theaction
attribute.<script>
tag on the same page enables search bots to grep the script, which contains the URL—that's an undesirable scenario.)Implementation
For example, you may view my PR daattali/beautiful-jekyll#521. I removed the file
_includes/staticman-script.html
. The JS code inside was moved to a new filejs/staticman.js
. The Jekyll codesite.staticman.*
enables the parameters in_config.yml
in site owner (i.e. theme user)'s GitHub/GitLab repo to be parsed by Jekyll and shown in the generated JavaScript{baseURL}/js/staticman.js
. The URL is chopped into several pieces in the config, and it gets restored at the lineurl
.N.B. The code comes from @mmistakes's theme Minimal Mistakes.
❗ The project structure of the linked Jekyll theme has been changed. The
ajax
method in my linked PR conflicts with jQuery slim. My next discussion addresses this.Beta Was this translation helpful? Give feedback.
All reactions