How to check if cross-domain requests are disabled

时间:2022-08-23 10:29:48

I keep reading that to make ajax requests safe, I need to make sure that cross-site requests are disabled. On the server side, how exactly do I disable cross-site requests, or check if they are disabled/enabled?

我一直在阅读,以使ajax请求安全,我需要确保禁用跨站点请求。在服务器端,我究竟如何禁用跨站点请求,或检查它们是否被禁用/启用?

3 个解决方案

#1


2  

Cross site requests are disabled by default..
fyi : take a look at same origin policy : http://en.wikipedia.org/wiki/Same_origin_policy

默认情况下禁用跨站点请求.fyi:查看相同的原始策略:http://en.wikipedia.org/wiki/Same_origin_policy

#2


1  

Cross domain is always banned because of the Same Origin Policy.

由于同源策略,始终禁止跨域。

As for your JavaScript making a XHR and someone spoofing one, they are the same and impossible to differentiate (though you can definitely make it harder).

至于你制作XHR的JavaScript和某人欺骗它们,它们是相同的,不可能区分(虽然你绝对可以让它变得更难)。

#3


0  

May be someone can open your page in hyperlink so please make sure that http referrer is always from your site.

可能有人可以在超链接中打开您的页面,因此请确保http referrer总是来自您的网站。

#1


2  

Cross site requests are disabled by default..
fyi : take a look at same origin policy : http://en.wikipedia.org/wiki/Same_origin_policy

默认情况下禁用跨站点请求.fyi:查看相同的原始策略:http://en.wikipedia.org/wiki/Same_origin_policy

#2


1  

Cross domain is always banned because of the Same Origin Policy.

由于同源策略,始终禁止跨域。

As for your JavaScript making a XHR and someone spoofing one, they are the same and impossible to differentiate (though you can definitely make it harder).

至于你制作XHR的JavaScript和某人欺骗它们,它们是相同的,不可能区分(虽然你绝对可以让它变得更难)。

#3


0  

May be someone can open your page in hyperlink so please make sure that http referrer is always from your site.

可能有人可以在超链接中打开您的页面,因此请确保http referrer总是来自您的网站。