ajax-如何防止浏览器显示ajax网址 [英] ajax-How to prevent browsers to show ajax url

问题描述

当我们想通过ajax将一些数据发布到php页面时，任何人都可以看到URL以及正在发布的值.

When we want to post some data to a php page via ajax , any one can see the URL and also the values being post.

这可能非常危险，有什么办法可以确保这一点吗?我可以隐藏URL或以任何方式对URL进行编码，以使用户看不到并访问它吗?

It can be very dangerous, is there any way to secure this? Can I hide the URL or any way to encode the URL so users can't see it and access it ?

这是示例代码，如您所见，URL可以将数据公开在源代码中，也可以公开在Firebug等检查器上.

This is a sample code, as you can see, the URL can data are expose in the source and also on inspectors like Firebug.

function reg_user(id){
$(document).ready(function() { 
$.ajax({
   type: "POST",
   url: "reg_user.php",
   data: "id="+id,
   success: function(msg){
        str=$.trim(msg)
        if (str=='ok'){

        }
  }
   })   
})
};

谢谢

推荐答案

没有办法.您浏览的所有url都将被浏览器的开发工具栏或网络捕获工具(例如Wireshark)捕获.

no way.all of the url you navigated would be caught by browser's development toolbar or net capture tool,such as wireshark.

Ajax是使javascript具有发送http请求的能力的工具，但是javascript没有对http消息进行加密的能力.调用ajax函数时，它意味着告诉浏览器立即发送http请求.

Ajax is the a tool that make the javascript have the ability to sending http request,but javascript has no ability to encrypt http message.When call ajax function, it mean tell the browser to send a http request now.

即使javascript具有加密http消息的功能，您也需要在javascript代码中写入加密密钥.

Even though javascript has the ability to encrypt http message, you need write the encrypt key in you javascript code.

我弄错了，总HTTP消息在https中加密，包括标头和请求正文，但是此功能由浏览器提供.如果在https网站上使用ajax，则JavaScript告诉浏览器发送https请求，然后浏览器负责加密发送的消息.

I have make a mistake, total http message are encrypted in https, both headers and request body,but this function is supplied by browser.If you use ajax in https website,javascript tell browser to send https request,and the browser in charge of encrypt the sending message.

这篇关于ajax-如何防止浏览器显示ajax网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！