限制跨域Ajax请求 [英] Restrict Cross Domain Ajax request

问题描述

我有web应用程序（在Java中），我需要限制通过Ajax调用在任何浏览器（包括IE限制XDomainRequest对象）通过jQuery的或简单的JavaScript调用Ajax跨域请求。

I have web application (In java) where I need to restrict Cross Domain request through Ajax call in any browser (Including IE restricting XDomainRequest object) through jquery or simple javaScript ajax call.

我的最终目的是限制它，而调用时既可以通过浏览器的一些设置或设置响应头，因此不会让第一点本身来电。

My ultimate aim it to restrict it while the call is made either through some browser setting or setting response header so it wont make the call in the first point itself.

如果同一渊源考政策是一个解决方案请你解释它是如何解决的。

If same-orgin policy is a solution pls do explain how it is addressed.

感谢和问候，
Oceanvijai

Thanks and regards, Oceanvijai

推荐答案

您可以控制​​你接受通过的访问控制允许来源的响应头。如果头是缺少，从相同域唯一请求是允许的。

You can control which domains you accept AJAX requests from via the Access-Control-Allow-Origin response header. If the header is missing, only requests from the same domain are allowed.

更新：如果您希望禁止AJAX请求，甚至开始，您可以尝试的 X-内容安全性策略： XHR-SRC无 ，但我无法想象任何情况下，将是有益的。也许你可以在一个小更详细地解释这种情况？

Update: if you want to disallow even the initiation of AJAX requests, you could try X-Content-Security-Policy:xhr-src 'none', but I can't imagine any situation where that would be useful. Maybe you could explain the situation in a little more detail?

这篇关于限制跨域Ajax请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！