Forms API fetch record entry #1225
Comments
|
There would be a security concern with this... if you could retrieve the record by GUID, as well as showing the summary of the submissions just created, you could retrieve data about any record, across any form. Of course you would need to know the GUID identifiers which isn't likely, but it's not really protected in any form of authorization. So it's a possibility, but would need to be opt-in I think if you were prepared to take on the risk. Similar in a way to the allow editable form submissions option. |
|
@AndyButland isn't is the same, which happen in a traditional MVC project, where it can include form guid and record guid in querystring and one could use record service to list these data on "Thank you" page? |
|
That would have a similar issue yes, but would perhaps be considered not the best practice - and avoided by storing the GUID in the session rather than adding it to a querystring. |
|
I guess the new Management API handle this, which is used in the new backoffice (Umbraco 14), where it has a endpoint to fetch record data? Does it secure it in any way different from other endpoints and Delivery API (if not public)? |
|
For management API you need to have a token you receive from being logged in via the backoffice. |
In a headless setup we can submit form and fetch form:
https://docs.umbraco.com/umbraco-forms/developer/ajaxforms
However I don't see any option to fetch a specific record from
Guid.We would like to fetch data for a record to show a summary of the submission.
The text was updated successfully, but these errors were encountered: