First, you should protect all your forms from Cross-Site Request Forgery (CSRF) attacks as we did in Chapter 3, Building a Blog Application. As you are using Mustache templates, you will need to do things a little bit differently here (for instance, you will need to write your CSRF input in plain HTML). I recommend you read the official documentation at http://fuelphp.com/docs/general/security.html#csrf.
The documentation can be accessed on the FuelPHP website by navigating to DOCS | FuelPHP | General | Security.
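The following sketch shows the plain-HTML CSRF input described above. It is an added example, not code from the book or from FuelPHP itself, and it assumes FuelPHP 1.x with the Parser package rendering Mustache views. The controller name, action, view path and form fields are hypothetical.

```php
<?php
// Added example; Controller_Post, action_create and the view path are
// hypothetical names, not part of the original application.
class Controller_Post extends \Controller
{
    public function action_create()
    {
        if (\Input::method() === 'POST') {
            // check_token() compares the submitted field with the token
            // held in the CSRF cookie; reject the request on mismatch.
            if ( ! \Security::check_token()) {
                return \Response::forge('Invalid CSRF token', 403);
            }
            // ... validate and save the post here ...
            \Response::redirect('/');
        }

        // Mustache templates cannot call \Form::csrf(), so hand the field
        // name and the current token to the view as plain values.
        $data = array(
            'csrf_key'   => \Config::get('security.csrf_token_key', 'fuel_csrf_token'),
            'csrf_token' => \Security::fetch_token(),
        );

        return \Response::forge(\View::forge('post/create.mustache', $data));
    }
}

// fuel/app/views/post/create.mustache (plain HTML, no PHP helpers):
//
//   <form method="post" action="/post/create">
//     <input type="hidden" name="{{csrf_key}}" value="{{csrf_token}}" />
//     <textarea name="content"></textarea>
//     <button type="submit">Post</button>
//   </form>
```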
Secondly, if you want to make your API easily available using JavaScript on an external website, you have to set the Access-Control-Allow-Origin header to *. This can be done in the before method inside the Base controller.
Next, we only used the post/inside_list partial in the JavaScript side of our application, but we could have done much more. For instance, since all the data is available, instead of loading the profile page HTML version when we click on a...