如何隐藏用户的jquery ajax代码 [英] How to hide jquery ajax code from users
问题描述
我有这个项目(C#ASP.NET Web Forms& Web Services),我正在加载&使用jquery ajax绑定搜索结果。它工作得很好而且非常快。
但是我担心的唯一与安全相关的问题是ajax javascript代码对于所有用户都是可见的开发工具。
I have this project (C# ASP.NET Web Forms & Web Services) in which I am loading & binding search results using jquery ajax. It is working fine and it's very fast.
But the only security-related problem that I am worried about is that the ajax javascript code is visible to all users in the dev tools.
function loadEventNotification(refEventID, sequence, listActiveType, filterType) {
try {
var param = 'RefEventId : ' + JSON.stringify(refEventID) + ' , Sequence : ' + JSON.stringify(sequence) + ' , ListActiveType : ' + JSON.stringify(listActiveType) + ' , FilterType : ' + JSON.stringify(filterType);
var notifID = 0;
$.ajax({
type: "POST",
url: "../Services/CMEventDataService.asmx" + "/" + "CM_LoadEventNotificationWS",
data: "{" + param + "}",
contentType: "application/json; charset=utf-8",
dataType: "json",
success: function (response) {
var total = 0;
if (response.d == 'NOAUTH') {
message = 'Error : Your are not authorised to access this service';
}
else if (response.d == 'ERROR') {
message = 'Error : Unable to find records';
}
else if (response.d != '') {
var list = eval(response.d.replace(/\\/g, "\\\\"));
total = list.length;
var notif = '';
$.each(list, function (k, v) {
//Some Html stuff gos here
});
$(document).find('#cdsn-items').html(notif);
}
else {
message = 'No matching records found';
}
},
error: function (response) {
message = 'Error : Unable to load records';
},
timeout: 120000
});
} catch (err) {
console.log(err.message);
}
}
无论如何我可以向用户隐藏此代码吗?
一旦某人能够看到js ajax代码,他们就会获取Web服务的URL。我确保无法从其他域调用Web服务(NOAUTH错误)
但是,代码在开发工具中公开
有什么建议吗?高度赞赏
我尝试过的事情:
我试图寻找方法调用服务器端代码,但到目前为止没有帮助
Can I in anyway hide this code from the users?
Once somebody is able to see the js ajax code then they will pick up the URL of the Web Service. I have made sure that the web service cannot be called from other domains (NOAUTH error)
But still, the code is exposed in dev tools
Any suggestions? Highly Appreciated
What I have tried:
I tried finding ways of calling a server-side code but so far no help
推荐答案
.ajax({
type:POST,
url: ../Services/CMEventDataService.asmx+/+CM_LoadEventNotificationWS,
data:{+ param +},
contentType:application / json; charset = utf-8 ,
dataType:json,
成功:函数(响应){
var total = 0;
if(response.d =='NOAUTH'){
message ='错误:您无权访问此服务';
}
else if(response.d =='ERROR'){
message ='错误:无法查找记录';
}
else if(response.d!=''){
var list = eval( response.d.replace(/ \\ / g,\\\\));
total = list.length;
var notif ='';
.ajax({ type: "POST", url: "../Services/CMEventDataService.asmx" + "/" + "CM_LoadEventNotificationWS", data: "{" + param + "}", contentType: "application/json; charset=utf-8", dataType: "json", success: function (response) { var total = 0; if (response.d == 'NOAUTH') { message = 'Error : Your are not authorised to access this service'; } else if (response.d == 'ERROR') { message = 'Error : Unable to find records'; } else if (response.d != '') { var list = eval(response.d.replace(/\\/g, "\\\\")); total = list.length; var notif = '';
.each(list,function(k,v){
//这里的一些Html东西gos
});
.each(list, function (k, v) { //Some Html stuff gos here });
(document).find('#cdsn-items')。html(notif);
}
else {
message ='找不到匹配的记录';
}
},
错误:函数(响应){
message ='错误:无法加载记录';
},
超时:120000
});
} catch(错误){
console.log(err.message);
}
}
(document).find('#cdsn-items').html(notif); } else { message = 'No matching records found'; } }, error: function (response) { message = 'Error : Unable to load records'; }, timeout: 120000 }); } catch (err) { console.log(err.message); } }
无论如何我可以向用户隐藏此代码吗?
一旦某人能够看到js ajax代码,他们就会获取Web服务的URL。我确保无法从其他域调用Web服务(NOAUTH错误)
但是,代码在开发工具中公开
有什么建议吗?高度赞赏
我尝试过的事情:
我试图寻找方法调用服务器端代码,但到目前为止没有帮助
Can I in anyway hide this code from the users?
Once somebody is able to see the js ajax code then they will pick up the URL of the Web Service. I have made sure that the web service cannot be called from other domains (NOAUTH error)
But still, the code is exposed in dev tools
Any suggestions? Highly Appreciated
What I have tried:
I tried finding ways of calling a server-side code but so far no help
这篇关于如何隐藏用户的jquery ajax代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!