How to prevent POST requests from ajax (received through firebug)

Question

How to prevent POST requests from ajax (received through firebug)

How can I prevent users from mailing a request? For example, a form is submitted via an Ajax post. Using firebug, I see a message, but I noticed that this request can be easily repeated by right-clicking on it and selecting "open in a new tab". How can I prevent something like this?

+4

javascript security ajax php xmlhttprequest

Michael Jul 08 '11 at 2:26

source share

3 answers

When a valid user logs in or starts a session, create a random token string and place it in a hidden form field. Each time a valid mail is created by a valid user, generate an arbitrary token string and store it in $_SESSION , as well as returning it to the client’s browser. When the browser makes another request to send Ajax, it should also send this token string, which you are comparing with $_SESSION .

This way you can only make an Ajax entry if your server has authorized it before. It prevents anyone who simply knows the URL of the Ajax handler from sending HTTP requests to it.

+3

Michael berkowski Jul 08 '11 at 2:28

source share

You cannot reliably. But you can check the HTTP_X_REQUESTED_WITH header, which is usually sent along with ajax requests. It can be faked, although it cannot be there for real ajax requests.

0

Blair mcmillan Jul 08 '11 at 2:29

source share

damon · Accepted Answer · 2011-07-08T02:30:31+0000

Any web form can be submitted in any way. What you need to do is make sure that the server side of the script processing the form has the logic necessary to “ignore” spam requests.

How to prevent POST requests from ajax (received through firebug)

More articles: