Updated: 2023-02-26 13:57:26
Suppose I work with some kind of API and my file server.php handles the connection to the API service. On my client side I use an AJAX call like this:
$http({
    url    : 'server/server.php',
    method : 'GET',
    // query-string parameters go in `params`; `data` is the request body and is not sent with GET
    params : { getContent : true }
});
In my server.php I handle it like this:
if (isset($_GET['getContent'])) {
    $content = get_content();
}
function get_content() {...}
I just wonder what prevents anyone from sending an AJAX call with the same getContent parameter and getting all my data? How can I secure it and make sure only calls from my application will get the relevant data back?
Thank you!
I guess you are concerned about CSRF attacks. Read more about this here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet
One of the most commonly used options to secure your request is:
- Generate a token and send it with the request for a session. This token can be identified by your web server as originating from a specific client for a specific session.
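The session-bound token the answer describes, worked through for the getContent branch of server.php. This is an added example, not code from the original poster or from the answer; the function names csrf_token() and csrf_valid(), the X-CSRF-Token header name and the placeholder get_content() body are assumptions made for the illustration.

```php
<?php
// Added example: a per-session CSRF token for server.php (not the poster's code).
declare(strict_types=1);

// Issue (or reuse) the token for the current session. Call this when rendering
// the page that hosts the AngularJS client so the token can be embedded there.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        // 32 bytes from the CSPRNG, hex-encoded: 64 characters, unguessable
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Check a token presented by the client against the one stored in the session.
// hash_equals() compares in constant time so the comparison does not leak the value.
function csrf_valid(?string $presented): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return is_string($presented)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $presented);
}

// Constructed placeholder standing in for the poster's real get_content();
// the original function body is not on the page.
if (!function_exists('get_content')) {
    function get_content(): array
    {
        return ['items' => ['sample item 1', 'sample item 2']];
    }
}

// ---- request handling: the poster's getContent branch, with the token check ----
if (isset($_GET['getContent'])) {
    // The client sends the token in a custom header. A page on another origin
    // cannot add custom headers to a simple cross-site request, and a request
    // that does carry one is subject to a CORS preflight the browser will block.
    $presented = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? null;

    header('Content-Type: application/json');
    if (!csrf_valid($presented)) {
        http_response_code(403);
        echo json_encode(['error' => 'missing or invalid CSRF token']);
        exit;
    }

    $content = get_content();
    echo json_encode($content);
}
```

On the client, AngularJS sends the header with `$http({ ..., headers: { 'X-CSRF-Token': token } })`, where `token` is the value embedded in the page at render time. Note what the token does and does not do: it stops a third-party page from making a logged-in user's browser issue this request, because that page never sees the session-bound value; it does not by itself say who the caller is, so the branch still has to check that the session belongs to an authenticated user before returning their data.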