简体繁体 English

如何确保请求来自我的网站？

[英]How to make sure requests are from my website?

原文 2012-09-20 04:33:23 0 1 javascript/ jquery

Some smartass people are using my api-centric web app to clone my service and make it appear like their own. 一些smartass人正在使用以api为中心的Web应用程序来克隆我的服务，并使它们看起来像自己的服务。 Is there a way to make sure all ajax requests are for/from my website? 有没有办法确保所有ajax请求都来自/来自我的网站？

Sure I could use the referrer header but they could easily fake it. 当然可以使用引荐来源标头，但他们可以轻松地伪造它。

1 个解决方案

Set a cookie on the client when it hits your site, before it sends any Ajax requests. 发送任何Ajax请求之前，请在客户端访问您的站点时在其上设置cookie。

Then validate the cookie when serving the Ajax. 然后在提供Ajax时验证cookie。

Or alternatively you could make your Ajax requests POST only. 或者，您可以使Ajax仅请求POST。 This way they are subject to the same origin policy. 这样，它们将受相同的原产地政策约束。

It will break the whole restful ideology though. 它将打破整个宁静的思想体系。

http://en.wikipedia.org/wiki/Same_origin_policy http://en.wikipedia.org/wiki/Same_origin_policy

如何让我的 Django API 只接受来自我网站本身的请求？ - How can I make my Django API only accept requests that come from my website itself?

如何确保禁用javascript运行网站 - how to make sure run website with javascript disabled

如何确保只有我自己的网站（客户端代码）可以与 Firebase 后端通信？ - how to make sure only my own website (clientside code) can talk to Firebase backend?

如何测试查看我网站的用户是否看不到某些内容，以及如何确保我的测试有效？ - How can I test if a user viewing my website can not see some content, and how can I make sure my test works?

如何从我的 Netlify 前端向我的 Heroku 服务器发出请求？ - How to make requests to my Heroku server from my Netlify frontend?

获取来自我网站的请求 - Get where requests coming from to my website

防止来自我网站的cURL请求 - Prevent cURL requests from my website

如何从我的redux动作向GraphQL-server发出请求？ - How to make requests to GraphQL-server from my redux action?

如何确保使用React的第一个渲染具有localStorage的值？ - How do I make sure my first render with React has a value from localStorage?

我如何确保在进行后续操作之前能解决来自postgres的承诺？ - How can I make sure my promise from postgres gets resolved before proceding?

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何让我的 Django API 只接受来自我网站本身的请求？ - How can I make my Django API only accept requests that come from my website itself? 如何确保禁用javascript运行网站 - how to make sure run website with javascript disabled 如何确保只有我自己的网站（客户端代码）可以与 Firebase 后端通信？ - how to make sure only my own website (clientside code) can talk to Firebase backend? 如何测试查看我网站的用户是否看不到某些内容，以及如何确保我的测试有效？ - How can I test if a user viewing my website can not see some content, and how can I make sure my test works? 如何从我的 Netlify 前端向我的 Heroku 服务器发出请求？ - How to make requests to my Heroku server from my Netlify frontend? 获取来自我网站的请求 - Get where requests coming from to my website 防止来自我网站的cURL请求 - Prevent cURL requests from my website 如何从我的redux动作向GraphQL-server发出请求？ - How to make requests to GraphQL-server from my redux action? 如何确保使用React的第一个渲染具有localStorage的值？ - How do I make sure my first render with React has a value from localStorage? 我如何确保在进行后续操作之前能解决来自postgres的承诺？ - How can I make sure my promise from postgres gets resolved before proceding?

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM