To call external website url in jquery.load

I'm using two servers: one is Tomcat and the other is Node.js.

Now I want to call the Node.js application from the Tomcat application. For that I tried the following:

    $("#chatArea").load("http://localhost:3000/?id=man&to=opp");

But it didn't work. After googling, I found the following:

    $("#chatArea").html('<object data="http://vvvurt.org:3000/?id=man&to=opp" />');
    // calling node.js application from tomcat.

It worked, but the problem here is SECURITY. By clicking on Inspect Element, any user can see the URL http://vvvurt.org:3000/?id=man&to=opp and can pass any parameters to the Node.js application.

Not only in this situation; I have faced it so many times.
How can I stop this kind of bug?

Security isn't a bug. What I do when I need to locally communicate between two local servers is disable web security in Chrome Canary, to ensure I'm not using proper Chrome and opening up to vulnerabilities. If you're on a Mac you can run this line on Terminal:

    open -a Google\ Chrome --args --disable-web-security

Write your application so that anything the client does can be publicly known, then handle authentication and authorization on the server side, so that whenever a call comes in to either of your two servers, you check to make sure that user really has the right to do it.

Trust me, there are many other ways to see how and what your client is communicating to your servers, so you have to design your application while keeping in mind that anyone can see and understand how your client works.
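One way to apply the server-side check described in the answers above, as an added example that is not part of the original posts. It assumes the Tomcat application issues a short-lived signed token after login, that both servers share a key, and that user ids contain no "."; every name in it is hypothetical.

```javascript
// Added example; SHARED_KEY, issueToken, verifyToken, authorizeChat and CONTACTS are hypothetical names.
const nodeCrypto = require("crypto");

// Secret known only to the two servers (constructed value; load it from server config in practice).
const SHARED_KEY = "constructed-demo-key-not-for-production";

function sign(payload) {
  return nodeCrypto.createHmac("sha256", SHARED_KEY).update(payload).digest("hex");
}

// Tomcat side (written in JS here for brevity): after login, bind user id and expiry into a token.
function issueToken(userId, ttlSeconds, now = Date.now()) {
  const payload = `${userId}.${Math.floor(now / 1000) + ttlSeconds}`;
  return `${payload}.${sign(payload)}`;
}

// Node.js side: returns the authenticated user id, or null if the token is forged or expired.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [userId, exp, mac] = parts;
  const expected = Buffer.from(sign(`${userId}.${exp}`));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(exp) || Number(exp) * 1000 < now) return null;
  return userId;
}

// Constructed stand-in for a server-side lookup of who may chat with whom.
const CONTACTS = new Map([["man", ["opp"]], ["opp", ["man"]]]);

// The sender is taken from the verified token, never from the visible ?id= parameter.
function authorizeChat(query, now = Date.now()) {
  const user = verifyToken(query.token, now);
  if (user === null) return { status: 401, error: "invalid or expired token" };
  if (query.id !== undefined && query.id !== user) {
    return { status: 403, error: "id does not match authenticated user" };
  }
  if (!(CONTACTS.get(user) || []).includes(query.to)) {
    return { status: 403, error: "not allowed to chat with target" };
  }
  return { status: 200, from: user, to: query.to };
}
```

With this in place the `?id=` value visible in Inspect Element carries no authority: changing it returns 403, and a token for another user cannot be produced without the server-side key.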
