PHP
Alexander Sisyukin, 2017-02-20 02:42:45

Cross token: what should I do?

There is an application in which the user enters the address of his site and, in response, receives JS code.
By placing this code on his website, he gets a form with which one can send mail to any mailbox.
The form is shown to the user on the site through an iframe whose src is the application site.
And here is the question: how to make sure that the submission comes from a client of the user's site and not from some script on the server side.
Referrer check seems banal to me.
Opening a session in the frame is not possible: too much load.
Thinking about a solution led to the following.
1) you need to make sure that the submit is done by a person
2) make sure that the submission comes from the frame that is placed on the actual site.
So far, I'm leaning towards obfuscating the JS code, which will contain the algorithm for creating a token for friendship with the backend.


2 answer(s)
xmoonlight, 2017-02-20
@Caarl

https://sitecoder.blogspot.ru/2017/02/widget-servi...

Andrzej Wielski, 2017-02-20
@wielski

Install ReCaptcha or similar and don't worry.
It will be easy for the client to click on a single checkmark, and for you there will be protection from mailing by script.
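
What the reCAPTCHA suggestion above requires on the backend, as an added PHP example that is not part of either answer: the checkbox only protects the form if the mail endpoint verifies the token with Google before sending. Assumed here: reCAPTCHA v2, the secret in a `RECAPTCHA_SECRET` environment variable, and `widget.example.com` as a placeholder for the host that serves the iframe.

```php
<?php
// Added example, not code from the thread. Assumes reCAPTCHA v2 (checkbox),
// whose widget posts the token in the "g-recaptcha-response" form field.
// Requires allow_url_fopen and the openssl extension for the HTTPS call.

const SITEVERIFY_URL = 'https://www.google.com/recaptcha/api/siteverify';

/** Ask Google to validate the token; returns decoded JSON, or null on any failure. */
function recaptcha_siteverify(string $secret, string $token, ?string $ip): ?array
{
    $fields = ['secret' => $secret, 'response' => $token];
    if ($ip !== null) {
        $fields['remoteip'] = $ip;
    }
    $ctx = stream_context_create(['http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/x-www-form-urlencoded',
        'content' => http_build_query($fields),
        'timeout' => 5,
    ]]);
    $raw  = @file_get_contents(SITEVERIFY_URL, false, $ctx);
    $data = $raw === false ? null : json_decode($raw, true);
    return is_array($data) ? $data : null;
}

/** Fail closed: accept only an explicit success solved on the iframe's own host. */
function recaptcha_accept(?array $result, string $frameHost): bool
{
    return $result !== null
        && ($result['success'] ?? false) === true
        && ($result['hostname'] ?? '') === $frameHost;
}

// In the mail-sending endpoint of the iframe application (hypothetical wiring):
$secret    = getenv('RECAPTCHA_SECRET') ?: '';   // assumption: secret kept in env
$frameHost = 'widget.example.com';               // placeholder: host serving the iframe
$token     = $_POST['g-recaptcha-response'] ?? '';
$ip        = $_SERVER['REMOTE_ADDR'] ?? null;

if ($token === '' || !recaptcha_accept(recaptcha_siteverify($secret, $token, $ip), $frameHost)) {
    http_response_code(403);
    exit('captcha verification failed');
}
// Only past this point is the message handed to the mailer.
```

A token can be verified only once, so a captured form post cannot be replayed by a script; an unreachable verification service is treated as a rejection rather than a pass.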
