What are best practices/methods in preventing AJAX requests and/or form submissions from pages that my server did not serve?

Knowing that anyone can see my AJAX URL string and/or forms, how can I prevent calls or submissions from pages that my server did not serve?

Answers


Verifying the source of the form submission is best done by using cookies/sessions. Authenticating each request is your best protection against such cross-site attacks.
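
One way to apply the session-based check described in the answer above, as an added example that is not part of the original answer: each state-changing request must carry both the session cookie and a token derived from that session, which only pages served to that session contain. The `sid` cookie name, the `x-csrf-token` header, the `csrf_token` form field, the request object shape and all function names are assumptions made for the example.

```javascript
const crypto = require('crypto');

// Constructed for the example: a real server loads the secret from configuration
// and keeps sessions in its session store.
const SERVER_SECRET = crypto.randomBytes(32);
const sessions = new Map(); // sessionId -> { user }

// Called at login; the returned id is what goes into the session cookie.
function createSession(user) {
  const sessionId = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, { user });
  return sessionId;
}

// Token the server embeds in every form or page it serves for this session.
function issueToken(sessionId) {
  return crypto.createHmac('sha256', SERVER_SECRET).update(sessionId).digest('hex');
}

// req is a plain object: { method, cookies, headers, body } (hypothetical shape).
function verifyRequest(req, allowedOrigin) {
  const cookies = req.cookies || {};
  const headers = req.headers || {};
  const sid = cookies.sid;
  if (!sid || !sessions.has(sid)) return { ok: false, reason: 'no-session' };

  // Read-only methods carry no token; state changes must not be exposed on them.
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return { ok: true };

  // Browsers attach Origin to cross-site POSTs; reject any that is not ours.
  if (headers.origin && headers.origin !== allowedOrigin) {
    return { ok: false, reason: 'bad-origin' };
  }

  // The cookie alone is not enough: a foreign page can make the browser send it,
  // but cannot read the token out of a page served to this session.
  const presented = String(headers['x-csrf-token'] || (req.body || {}).csrf_token || '');
  const expected = Buffer.from(issueToken(sid));
  const got = Buffer.from(presented);
  if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) {
    return { ok: false, reason: 'bad-token' };
  }
  return { ok: true, user: sessions.get(sid).user };
}
```

This ties a request to a session the server issued, not to a particular page: a client that logs in and fetches a page receives its own valid token, so the check authenticates the session and blocks other sites from riding it.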

