I keep reading that to make ajax requests safe, I need to make sure that cross-site requests are disabled. On the server side, how exactly do I disable cross-site requests, or check if they are disabled/enabled?
我一直在阅读,以使ajax请求安全,我需要确保禁用跨站点请求。在服务器端,我究竟如何禁用跨站点请求,或检查它们是否被禁用/启用?
3 个解决方案
#1
2
Cross site requests are disabled by default..
fyi : take a look at same origin policy : http://en.wikipedia.org/wiki/Same_origin_policy
默认情况下禁用跨站点请求.fyi:查看相同的原始策略:http://en.wikipedia.org/wiki/Same_origin_policy
#2
1
Cross domain is always banned because of the Same Origin Policy.
由于同源策略,始终禁止跨域。
As for your JavaScript making a XHR and someone spoofing one, they are the same and impossible to differentiate (though you can definitely make it harder).
至于你制作XHR的JavaScript和某人欺骗它们,它们是相同的,不可能区分(虽然你绝对可以让它变得更难)。
#3
0
May be someone can open your page in hyperlink so please make sure that http referrer is always from your site.
可能有人可以在超链接中打开您的页面,因此请确保http referrer总是来自您的网站。
#1
2
Cross site requests are disabled by default..
fyi : take a look at same origin policy : http://en.wikipedia.org/wiki/Same_origin_policy
默认情况下禁用跨站点请求.fyi:查看相同的原始策略:http://en.wikipedia.org/wiki/Same_origin_policy
#2
1
Cross domain is always banned because of the Same Origin Policy.
由于同源策略,始终禁止跨域。
As for your JavaScript making a XHR and someone spoofing one, they are the same and impossible to differentiate (though you can definitely make it harder).
至于你制作XHR的JavaScript和某人欺骗它们,它们是相同的,不可能区分(虽然你绝对可以让它变得更难)。
#3
0
May be someone can open your page in hyperlink so please make sure that http referrer is always from your site.
可能有人可以在超链接中打开您的页面,因此请确保http referrer总是来自您的网站。