How can I validate/secure/authenticate a JavaScript-based POST request?
A product I\'m helping to develop will basically work like this:
- A Web publisher creates a new page on their site that includes a
-
How about this? - the
tag that a third party sites includes has a dynamicsrcattribute. So, instead of loading some static Javascript resource, it comes to your server, generates a unique key as an identifier for the website and sends it back in the JS response. You save the same key in user-session or your database. The form created and submitted by this JS code will submit this key parameter too. Your backend will reject any POST request which does not have a matching key with the one in your db/session.
加载中...
- 热议问题