1

I have an isomorphic app that renders a sign in form using redux-form and allows a user to enter a user name and password.

This all works fine client-side but if I turn off JS I can't seem to get the values from the form to process via an API.

NB: When form is GET, the values show in the url as query params but obviously don't want to show sensitive data.

class SignIn extends Component {

    static propTypes = {
        errorMessage: PropTypes.string,
        handleSubmit: PropTypes.func,
        signinUser: PropTypes.func
    }

    statics = {
        fields: [
            {
                name: 'email',
                label: 'Email'
            },
            {
                name: 'password',
                label: 'Password',
                type: 'password'
            }
        ]
    }

    handleFormSubmit({ email, password }) {
        this.props.signinUser({ email, password });
    }

    // renders an alert if field has an error
    renderAlert() {
        if (this.props.errorMessage) {
            return (
                <div className='alert alert-danger'>
                    <strong>Oops!</strong> {this.props.errorMessage}
                </div>
            );
        }

        return false;
    }

    // render the field
    renderField = ({ input, label, name, type, meta: { touched, error }, ...rest }) => (
        <div>
            <label htmlFor={name}>{label}</label>
            <div>
                <input {...input} {...rest} id={name} placeholder={label} type={type} />
                {touched && error && <span className='error'>{error}</span>}
            </div>
        </div>
    );

    render() {
        const { handleSubmit } = this.props;

        return (
            <form method='post' onSubmit={handleSubmit((data) => this.handleFormSubmit(data))}>
                {
                    this.statics.fields.map((field, index) =>
                        <fieldset className='form-group' key={index}>
                            <Field
                                className='form-control'
                                component={this.renderField}
                                label={field.label}
                                name={field.name}
                                type={field.type || 'text'}
                            />
                        </fieldset>
                    )
                }
                {this.renderAlert()}
                <button action='submit' className='btn btn-primary'>Sign in</button>
            </form>
        );
    }
}

and the routes:

<Route path='/' component={App}>
    <IndexRoute component={Welcome} />
    <Route path='/feature' onEnter={requireAuth} component={Feature} />
    <Route path='/signin' component={Signin} />
    <Route path='/signout' component={Signout} />
    <Route path='/signup' component={Signup} />
</Route>
Paul
  • 363
  • 5
  • 15
  • Just a quick note on GET vs POST. Using POST is **not** enough to hide sensitive data. Everything that gets submitted is clearly visible for POST requests, it's just visible in a different place (request body instead of URL). If you want to hide sensitive data from a 3rd party, use SSL. If you want to keep anything hidden from the user, don't send it to the browser. – ivarni Sep 16 '16 at 04:58
  • 1
    I don't understand, how would you expect React to work with JS disabled? your form won't even render, unless you're rendering that server-side? even if you do, there's no way to intercept the form submit and make an AJAX call without JS enabled in the browser. – Benja Sep 16 '16 at 06:07
  • It is rendering server-side as it's a universal/isormorphic app. So maybe the question is more node.js and how do I intercept that and make a POST request to node? – Paul Sep 16 '16 at 09:36

1 Answers1

0

This is what https is for :)

the page containing the form should be on https and it should be POSTing to a https end-point.

If you have well-written universal code and the page renders the form on the server (and all the JS is doing is enhancing the page) then the POSTing the form over https should be fine.

peter.mouland
  • 1,893
  • 17
  • 30
  • So I have it POSTing but I can't retrieve the values. I guess the question is can I do this with React or does this part need to be done via node.js? – Paul Sep 16 '16 at 09:37
  • 1
    when you POST a form it is sent to a server, so this will have to be koa/express in node. i.e. http://stackoverflow.com/questions/5710358/how-to-retrieve-post-query-parameters-in-express [react-lego](https://github.com/peter-mouland/react-lego) is a universal app which has an api on the server if you want ideas where to start. – peter.mouland Sep 16 '16 at 09:49