How to reliably secure public JSONP requests?

梦谈多话 2021-01-21 04:17

I'm trying to find if there's a good way to prevent CSRF on a javascript widget embedded on customers' websites.

The widget would enable end users to make requests ag

2 answers
  •  栀梦 (original poster)
     2021-01-21 04:50

    By definition this is a "Cross Site Request". It is important to note that whether or not a CSRF request is a vulnerability is highly dependent on what the request does. For instance, if the attacker can force the client into making a search request then this probably doesn't do anything useful to the attacker. If the attacker can change the admin's password, then you have a very serious problem.

    So without knowing what these requests do, it's impossible to say how it should be protected. That being said, I think that reCAPTCHA is a good example of how asymmetric cryptography can be used to ensure that the server authorizes a client's translation with a third party. But without more information I have no idea how this could help you.
