如何防止来自 ajax 的 POST 请求(通过 firebug 获得)
[英]How to prevent POST requests from ajax (obtained through firebug)
问题描述
How would I prevent users from spamming a post request?
我将如何防止用户向发布请求发送垃圾邮件? For example, a form is submitted via Ajax post.例如,通过 Ajax post 提交表单。 Using firebug I can see the post request, but I noticed that this request can be easily repeated by right clicking on it and selecting "open in a new tab" How can I prevent something like this?使用萤火虫我可以看到发布请求,但我注意到这个请求可以通过右键单击它并选择“在新选项卡中打开”轻松重复我如何防止这样的事情发生?
3 个解决方案
解决方案1
3 2011-07-08 02:28:56
When a valid user logs in or begins a session, generate a random token string and place it in a hidden form field.当有效用户登录或开始 session 时,生成一个随机令牌字符串并将其放置在隐藏的表单字段中。 Each time a valid post is made by a valid user, generate a random token string and store it in $_SESSION while also returning it to the client browser.每次有效用户发布有效帖子时,都会生成一个随机令牌字符串并将其存储在$_SESSION中,同时还将其返回给客户端浏览器。 When a the browser makes another Ajax post request, it must also send that token string which you compare against the $_SESSION .当浏览器发出另一个 Ajax 发布请求时,它还必须发送与$_SESSION进行比较的令牌字符串。
That way you can only make an Ajax post if your server has previously sanctioned it.这样,如果您的服务器之前已批准,您只能发布 Ajax 帖子。 It prevents anyone who simply knows the Ajax handler's URL from sending HTTP requests to it.它可以防止任何只知道 Ajax 处理程序的 URL 的人向它发送 HTTP 请求。
解决方案2
0 2011-07-08 02:29:33
You can't reliably.你不能可靠。 But you can check for the HTTP_X_REQUESTED_WITH header which is usually send along with ajax requests.但是您可以检查HTTP_X_REQUESTED_WITH header通常与 ajax 请求一起发送。 It can be spoofed though, and can also not be there for genuine ajax requests.但它可以被欺骗,也不能用于真正的 ajax 请求。
解决方案3
0 已采纳 2011-07-08 02:30:31
Any web form can be posted to in any number of ways.任何 web 表格都可以通过多种方式发布。 What you need to do is make sure the server-side script that processes the form has the logic needed to "ignore" spammy requests.您需要做的是确保处理表单的服务器端脚本具有“忽略”垃圾邮件请求所需的逻辑。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.