I send a lot of data through jquery's ajax method, an example of a function is
$.ajax({
url: retrive.php,
type: 'POST',
data: data,
success: callback
});
The problem is that anyone can look at the source and see that the location of the php file its sending the POST data to, therefore you could just point your browser there and get data from the URL. I do checks on the data to make sure its the right data type, but I dont want users to be able to go to the url at all.
How can we protect against direct access of that url?
There is no way to keep a user from navigating to the url show in your AJAX request. All you can do is show an error if you don't receive POST data. You could possibly also set a custom request header with the AJAX request to check for as well.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments