Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
D
D
Deman12021-07-17 03:42:22
PHP
Deman1, 2021-07-17 03:42:22

How to disable user access to ajax?

Hello, tell me how you can close the user's access to ajax, in general there is a code visual link to ajax can be seen in viewing the code of the elements, the script is triggered by some action, for example, the send button was pressed and the script was executed,

<script>
        $('#click').ajaxForm({
            url: '/index/ajax',
            dataType: 'text',
            send: function(data) {
                console.log(data);
                data = $.parseJSON(data);
                SM(data);
        });
    </script>

ajax will return some text, but if the user follows the /index/ajax link, he will be able to see all the data that the general json receives, how can I make it not allowed there?

I understand that when you click, the server itself and not the user goes and receives the data, how then can you check the server if I understand correctly.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
N
nokimaro, 2021-07-17
@Deman1

No way
. When you click, the request is made by the user's browser, which means that nothing can be
hidden. And it makes no sense to hide this data. If you do not want the user to see any data, do not give it to him ever.

Report
A
AUser0, 2021-07-17
@AUser0

Let's draw an analogy (this is when something is the same or similar).
Let's say you have a car (well, a bibika, you know what a bibika is?).
And you ask the question: how to make sure that all car thieves do not see your car (bibika) point-blank?
Now think about it (if there is anything): is it possible to do this?

Report
N
Nadim Zakirov, 2021-07-17
@zkrvndm

It is impossible to prohibit, but you can encrypt the script in base64 and then it will not be at all obvious that there is something important in the script and it needs to be decrypted. Of course, you can always look at requests in the Network tab of the browser console, but not everyone can do this and not many will guess, the average user will not understand anything for sure.

Similar questions
S
sabanovvv2014-04-27 17:27:52
How to create a traffic situation constructor? 4Reply
I
ITpie2021-03-25 20:16:06
How to make docker to test python code with certain libraries? 3Reply
A
Astral1004982020-09-25 14:08:44
How to clear a tab from a line? 2Reply
S
Sergey Kulandin2015-04-20 12:45:33
Is crossfire radeon 7850+7870 stable? 3Reply
M
Matvey Bubenets2017-04-20 04:38:37
How to disable Remote Desktop Licensing? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question