How to block external http requests? (securing AJAX calls)

by

There is no way to avoid forged requests in this case, as the client browser already has everything necessary to make the request; it is only a matter of some debugging for a malicious user to figure out how to make arbitrary requests to your backend, and probably even using your own code to make it easier. You don’t need “cryptographic tricks”, you need only obfuscation, and that will only make forging a bit inconvenient, but still not impossible.

More Related Contents:

  1. What is the motivation behind the introduction of preflight CORS requests?
  2. Returning redirect as response to XHR request
  3. What does it mean when an HTTP request returns status code 0?
  4. What security risks exist when setting Access-Control-Allow-Origin to accept all domains?
  5. Does an HTTP Status code of 0 have any meaning?
  6. WebSockets protocol vs HTTP
  7. Why the cross-domain Ajax is a security concern?
  8. Set-Cookie on Browser with Ajax Request via CORS
  9. Returning redirect as response to Ajax (fetch, XHR, etc.) request
  10. HTTP Cookies and Ajax requests over HTTPS
  11. Using the HTTP Range Header with a range specifier other than bytes?
  12. Angular 2 HTTP Progress bar
  13. GET vs POST in AJAX?
  14. Basic example of using .ajax() with JSONP?
  15. jQuery: Performing synchronous AJAX requests
  16. jQuery.ajax handling continue responses: “success:” vs “.done”?
  17. POST JSON fails with 415 Unsupported media type, Spring 3 mvc
  18. Same origin Policy and CORS (Cross-origin resource sharing)
  19. How to get response status code from jQuery.ajax?
  20. Google Maps API throws “Uncaught ReferenceError: google is not defined” only when using AJAX
  21. How to enable cross-domain request on the server?
  22. Add additional parameter to JSF Ajax event listener
  23. Minimum Working Example for ajax POST in Laravel 5.3
  24. Does Vue.JS work with AJAX http calls?
  25. Stop the browser “throbber of doom” while loading comet/server push iframe
  26. List of events
  27. ICEfaces libary in classpath prevents Save As dialog from popping up on file download
  28. How to Implement ajax pagination with will_paginate gem
  29. Selenium WebDriver – determine if element is clickable (i.e. not obscured by dojo modal lightbox)
  30. NETWORK_ERROR: XMLHttpRequest Exception 101

Leave a Comment