Replies: 5 comments
-
|
There would be a security concern with this... if you could retrieve the record by GUID, as well as showing the summary of the submissions just created, you could retrieve data about any record, across any form. Of course you would need to know the GUID identifiers which isn't likely, but it's not really protected in any form of authorization. So it's a possibility, but would need to be opt-in I think if you were prepared to take on the risk. Similar in a way to the allow editable form submissions option. |
Beta Was this translation helpful? Give feedback.
-
|
@AndyButland isn't is the same, which happen in a traditional MVC project, where it can include form guid and record guid in querystring and one could use record service to list these data on "Thank you" page? |
Beta Was this translation helpful? Give feedback.
-
|
That would have a similar issue yes, but would perhaps be considered not the best practice - and avoided by storing the GUID in the session rather than adding it to a querystring. |
Beta Was this translation helpful? Give feedback.
-
|
I guess the new Management API handle this, which is used in the new backoffice (Umbraco 14), where it has a endpoint to fetch record data? Does it secure it in any way different from other endpoints and Delivery API (if not public)? |
Beta Was this translation helpful? Give feedback.
-
|
For management API you need to have a token you receive from being logged in via the backoffice. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
In a headless setup we can submit form and fetch form:
https://docs.umbraco.com/umbraco-forms/developer/ajaxforms
However I don't see any option to fetch a specific record from
Guid.We would like to fetch data for a record to show a summary of the submission.
Beta Was this translation helpful? Give feedback.
All reactions