Securing the server's AJAX GET/POST requests

Updated: 2023-02-26 13:57:26

Suppose I work with some kind of API and my file server.php handles the connection to the API service. On my client side I use an AJAX call like this:

$http({
    url : 'server/server.php',
    method : 'GET',
    // params are appended to the query string, so server.php sees $_GET['getContent']
    params : { getContent : true }
});

In my server.php I handle it like this:

if(isset($_GET['getContent'])){
    $content = get_content();
}

function get_content(){...}

I just wonder what prevents anyone from sending an AJAX call with the same getContent parameter and getting all my data? How can I secure it and make sure only calls from my application will get the relevant data back?

Thank you!

I guess you are concerned about CSRF attacks. Read more about this here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet

One of the most used options to secure your request would be:
- Generate a token and send it with the request for a session. This token can be identified by your web server as originating from a specific client for a specific session.
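The per-session token scheme the answer describes, applied to the server.php endpoint from the question, as an added example that is not code from the original post. The function names issue_csrf_token and require_csrf_token, the X-CSRF-Token header and the sample data are assumptions made for this example.

```php
<?php
// Added example: per-session CSRF token for the server.php endpoint.
// issue_csrf_token / require_csrf_token are hypothetical names chosen here.
session_start();

// Issue (or reuse) a random token bound to this session. Call it when the page
// that hosts the client app is rendered, e.g. in the template:
//   <meta name="csrf-token" content="<?= htmlspecialchars(issue_csrf_token()) ?>">
// The client reads that value and sets it on every $http call:
//   $http.defaults.headers.common['X-CSRF-Token'] = tokenFromMetaTag;
function issue_csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits of entropy
    }
    return $_SESSION['csrf_token'];
}

// Validate the token the client sent back. hash_equals() compares in constant
// time, so the response time does not reveal how many characters matched.
function require_csrf_token(?string $presented): void {
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $presented === null || !hash_equals($expected, $presented)) {
        http_response_code(403);
        exit('invalid or missing CSRF token');
    }
}

// The endpoint from the question, now refusing to return data unless the
// request carries the token that was issued to this very session.
if (isset($_GET['getContent'])) {
    require_csrf_token($_SERVER['HTTP_X_CSRF_TOKEN'] ?? null);
    $content = get_content();
    header('Content-Type: application/json');
    echo json_encode($content);
}

// Stand-in for the original get_content(); returns constructed sample data.
function get_content(): array {
    return ['items' => ['alpha', 'beta']];
}
```

A page on another origin cannot read the token out of your page, so a forged cross-site request arrives without it and is rejected. The token does not, by itself, restrict what a client that legitimately holds the session may fetch; that is the job of the session's authentication and authorization checks.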