Block cross domain calls to asp.net .asmx web service

前端 未结 3 840
面向向阳花
面向向阳花 2021-02-02 04:16

I\'ve built an application that uses jQuery and JSON to consume an ASP.NET .asmx web service to perform crud operations. The application and .asmx are on the same domain. I dont

3条回答
  •  感情败类
    2021-02-02 04:37

    In AJAX the browser makes the calls, so even if you were to check that the domain is the same it wouldnt be secure enough because it can easily be faked.

    You need to use some sort of authetication/autharization tokens (preferably with a time out) to keep things safe.

提交回复
热议问题