What happens if a user looks at my JavaScript file, copies the content of a function and sends a request to my server using AJAX? And is there a way to properly protect against this from happening?
The way to protect against this is no different from the way you protect against any web request. You make it so that your site requires some form of authentication (i.e. users have to log in) and don't do anything if the request is not properly authenticated.
Typically, when you make an AJAX request, cookies are also sent along with the request so you should just be able to use the same authentication method that you use for your regular requests with your AJAX requests.
As per codeka, there is no way to prevent someone from crafting their own Ajax query that is identical to the one you have in your Javascript request. Cross-domain protection will not necessarily protect you there, as they can, if they wished, just type the Javascript into the address bar for themselves while on a page on your site.
The only protection you have is to validate the input and parameters provided through the Ajax query on the server-side. Limit each PHP or Python or whatever response script to a very specific task, and check the input on the server-side. If something's wrong, respond with an error.
In short, there is no way to prevent someone from sending the request, but you can prevent them from doing something you don't want them to do on your server.
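The approach both answers describe (treat the AJAX endpoint like any other request: authenticate with the normal session cookie, validate every parameter on the server, and refuse anything the caller is not allowed to do), as an added example that is not part of either answer. It is framework-independent Python; the endpoint name, the JSON body shape, the cookie named `session`, the in-memory `SESSIONS` and `NOTES` tables, and the `X-CSRF-Token` header are all assumptions made for the example. The token check is included because the browser attaches the cookie to any request to your origin, so the cookie alone does not show that your own page sent the request.

```python
"""Server-side handling for an AJAX endpoint, independent of any framework."""
import hmac
import json
from http.cookies import SimpleCookie

# Constructed session store for the example (a real app keeps this in a
# database or cache). Maps session id -> logged-in user and that session's
# anti-forgery token.
SESSIONS = {
    "sid-alice-123": {"user": "alice", "csrf": "tok-alice-abc"},
}

# Constructed application data: note id -> owner and text.
NOTES = {
    1: {"owner": "alice", "text": "hello"},
    2: {"owner": "bob", "text": "bob's private note"},
}

MAX_TEXT_LEN = 1000


def session_from_headers(headers):
    """Look up the session named by the 'session' cookie, or None."""
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    morsel = cookie.get("session")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)


def handle_update_note(headers, body):
    """Handle POST /update_note (assumed endpoint). Returns (status, dict).

    'headers' is a dict of request headers and 'body' the raw request body.
    Every check runs on the server, because the request may come from the
    site's own JavaScript, from a copy of it, or from curl.
    """
    # 1. Authentication: the same session cookie the rest of the site uses.
    session = session_from_headers(headers)
    if session is None:
        return 401, {"error": "not authenticated"}

    # 2. Anti-forgery check (assumption: the page's JavaScript sends the
    # session's token in an X-CSRF-Token header). The browser attaches the
    # cookie to any request, so the cookie alone does not prove the request
    # came from the site's own page.
    token = headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(token, session["csrf"]):
        return 403, {"error": "bad anti-forgery token"}

    # 3. Input validation: never trust the client-side code to have checked
    # types or lengths; the caller may have edited or bypassed it.
    try:
        data = json.loads(body)
    except (ValueError, TypeError):
        return 400, {"error": "body is not valid JSON"}
    if not isinstance(data, dict):
        return 400, {"error": "body must be a JSON object"}
    note_id = data.get("id")
    text = data.get("text")
    if not isinstance(note_id, int) or isinstance(note_id, bool):
        return 400, {"error": "id must be an integer"}
    if not isinstance(text, str) or not 0 < len(text) <= MAX_TEXT_LEN:
        return 400, {"error": "text must be 1-%d characters" % MAX_TEXT_LEN}

    # 4. Authorization: being logged in is not enough; the note must be the
    # caller's own. This is the check that stops a user who copied the
    # JavaScript and simply changed the id.
    note = NOTES.get(note_id)
    if note is None or note["owner"] != session["user"]:
        # Same answer for "missing" and "someone else's", so ids cannot be
        # enumerated through the error message.
        return 404, {"error": "no such note"}

    note["text"] = text
    return 200, {"ok": True, "id": note_id}


if __name__ == "__main__":
    # Constructed requests: the first mimics the site's own JavaScript, the
    # second is the same request with the id changed to another user's note.
    own = {"Cookie": "session=sid-alice-123", "X-CSRF-Token": "tok-alice-abc"}
    print(handle_update_note(own, '{"id": 1, "text": "edited"}'))
    print(handle_update_note(own, '{"id": 2, "text": "edited"}'))
    print(handle_update_note({}, '{"id": 1, "text": "edited"}'))
```

The point of the layering is that no step relies on the client: a copied function, a hand-typed request in the address bar, or a request with no browser at all reaches exactly the same checks, and only the combination of a valid session, a matching token, well-formed parameters and ownership of the target lets the write through.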