如何在JQuery Ajax中隐藏URL


                    

我在这里有问题。
在jquery ajax中,当我们在此处定义url时,它已被发布到外部世界</ p>

有机会被其他人遗忘,我们如何克服这个问题,以便对URL进行编码?
ar actionUrl ='@ Url.Action(“ GetMovieslist”,“ Getjson”)'; </ p>

  <br>
     //此处使用的Actionname属性。<br>
     $(document).ready(function(){<br>
         $(“#btnGetMovies2”)。click(function(){<br>
             // var actionUrl =&#39;@ Url.Action(“ GetMovieslist”,“ Getjson”)&#39;;<br>
             var actionUrl =&#39;@ Url.Action(“ GetMovieslist”,“ Getjson”)&#39;;<br>
             $ .getJSON(actionUrl,displayData2);<br>
         });<br>
     });</p>

<p>     函数displayData2(response){<br>
         if(response!= null){<br>
             for(var i = 0; i <response.length; i ++){<br>
                 $(“#movieList2”)。append(“ <li>” + response [i]。标题+“” + response [i]。流派+“” + response [i]。年份+“ &lt;/ li&gt;”)<br>
             }<br>
         }<br>
     }<br>
 &lt;/ script&gt;<br>
 &lt;/ code&gt; &lt;/ pre&gt;</p>

<p><p>那么有什么办法可以解决这个问题&lt;/ p&gt;<br>
     &lt;/ div&gt;</p>

展开原文

原文

I have an problem here. In jquery ajax when we define url here its been expsed to outside world

there is chance it would be missued by others how can we overcome this so that URL is encoded ? ar actionUrl = '@Url.Action("GetMovieslist", "Getjson")';

<script type="text/javascript">
    //Actionname attribute used here.
    $(document).ready(function () {
        $("#btnGetMovies2").click(function () {
            //var actionUrl = '@Url.Action("GetMovieslist", "Getjson")';
            var actionUrl = '@Url.Action("GetMovieslist", "Getjson")';
            $.getJSON(actionUrl, displayData2);
        });
    });

    function displayData2(response) {
        if (response != null) {
            for (var i = 0; i < response.length; i++) {
                $("#movieList2").append("<li>" + response[i].Title + " " + response[i].Genre + " " + response[i].Year + "</li>")
            }
        }
    }
</script>

So is there any way we can oversome this issue

2个回答


客户端可以看到从客户端发送的所有内容。 对于您而言,如果客户端在Chrome中打开“网络”面板,则他们可以看到他们所碰到的端点。</ p>

如果您不想这样做,则可以选择一种简单的选择:</ p>

不要通过AJAX调用提供该内容; 从服务器上提供它。</ p>

您始终可以使用AJAX方法输入 token </ code>参数并记录该令牌(并检查其是否被滥用),但是您不能完全阻止最终用户访问该端点。< / p>
     </ div>

展开原文

原文

Anything that is sent across from the client can be seen by the client. In your case, if the client opens up the 'network' panel in Chrome, they can see the endpoint they're hitting.

If you don't want that, you have one foolproof option:

Don't serve that content from an AJAX call; serve it from the server.

You can always take in a token parameter with your AJAX method and log that token (and check it for abuse), but you can't outright stop an end user from hitting that endpoint.


+1乔治所说的话。


此外,如果您担心csrf攻击,


XMLHttpRequest遵循浏览器的同源策略:出于安全原因,仅当请求来自相同的来源时,请求才会成功。</ p>
     </ div>

展开原文

原文

+1 to what George said.

Additionally, if you're worried about csrf attacks,

XMLHttpRequest is subject to the browser's same-origin policy: for security reasons, requests will only succeed if they are made from the same origin.

Csdn user default icon
上传中...
上传图片
插入图片
抄袭、复制答案,以达到刷声望分或其他目的的行为,在CSDN问答是严格禁止的,一经发现立刻封号。是时候展现真正的技术了!
立即提问
相关内容推荐