According to the normal point of view, we are absolutely not able to believe the front-end to the data, but for example, the form submission, I front-end JS to verify, the back end and verify, the verification of things less good, a lot (rules complex) on the trouble, there is no way to ensure that the front-end data must be legitimate, or the It's kind of like a form token, though he's used to prevent duplicate submissions.
Reply content:
According to the normal point of view, we are absolutely not able to believe the front-end to the data, but for example, the form submission, I front-end JS to verify, the back end and verify, the verification of things less good, a lot (rules complex) on the trouble, there is no way to ensure that the front-end data must be legitimate, or the It's kind of like a form token, though he's used to prevent duplicate submissions.
Front-end verification is just a matter of improving the user experience, and back-end verification is what must be done.
About your problem, you can search for the topic of isomorphism , the main idea is to use Nodejs to do the middle layer, the front-end verification code in Nodejs also deploy a set, to avoid the back end (where the back end is the back end of communication with Nodejs, Rather than Nodejs itself) and re-implement the check logic again.
Using frames, such as Yii,
Each form defines a form model in the model layer, which defines some rules methods. Comes with many validation rules, such as mailboxes, string lengths, enumerations, and so on. Of course, special rules can also be defined by themselves.
The best way to prevent duplicate submissions or machine simulation submissions is to add a verification code.
Is there any way to ensure that the front-end data is legitimate, or that the backend is as simple as verification?
The master also said absolutely can not believe the front-end data, then the front-end to do any validation, the back end also need to do to maintain consistent efficacy.
The background must be verified, because the request can be sent back in a simulated way, thus skipping the front-end validation
Even if the front-end calibration is good. The back end is still to ensure a complete checksum. Instead of simply verifying it.
You cannot guarantee that the person sending the data is sending the data through your set of checks.
In addition, front-end verification is a boost to the user experience.
Is there any way to make sure the front end data is legitimate
It is important to ensure that the backend receives data from the verified front end, which is difficult to do on the Web
So, when you write a check, ask the front-end to a copy of their code to write a check, change (smile)