使AJAX调用安全 [英] Making AJAX calls secure

问题描述

如果用户看我的JavaScript文件，拷贝功能的内容和发送请求到使用AJAX我的服务器会发生什么情况？而且是有办法妥善防止这种情况的发生？

What happens if a user looks at my JavaScript file, copies the content of a function and sends a request to my server using AJAX? And is there a way to properly protect against this from happening?

推荐答案

的方式来防止这无异于你免受的任意的Web请求的方式。你让这个站点需要某种形式的认证（即用户必须登录），不要做的事情，如果该请求未正确验证。

The way to protected against this is no different to the way you protected against any web request. You make it so that your site requires some form of authentication (i.e. users have to log in) and don't do thing if the request is not properly authenticated.

通常情况下，当你做一个AJAX请求，饼干也随请求发送，所以你应该只能够使用，你用你与你的AJAX请求定期请求相同的身份验证方法。

Typically, when you make an AJAX request, cookies are also sent along with the request so you should just be able to use the same authentication method that you use for your regular requests with your AJAX requests.

这篇关于使AJAX调用安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！