jQuery GetJSON安全问题。复制URL并在浏览器中粘贴

本文由我司收集整编，推荐下载，如有疑问，请与我司联系jQuery GetJSON 安全问题。复制URL 并在浏览器中粘贴jQuery GetJSON 安全问题。复制URL 并在浏览器中粘贴[英]jQuery GetJSON Security Issues. Copying URL and pasting in the browser I am using the jQuery GetJSON

call in my ASP page. It is something like the following code:

我正在我的ASP 页面中使用jQuery GetJSON 调用。它类似于以下代码:

$.ajax({ url: myUrl/myPage.aspx?callback=BookARoom, dataType: ‘json’This will actually end up in a room being booked in my system, but the issue is that if a user copies

this URL and pastes it in a browser, the room would get booked. Since he already has the

session, I can’t differentiate it in the ASP Pages. How can I prevent this?

这实际上会在我的系统中被预订的房间中结束，但是问题是如果用户复制这个

URL 并将它粘贴到浏览器中，房间就会被预订。由于他已经有了会话，我无法在

ASP 页面中区分它。我该如何预防呢?

这里有两个问题。

First problem: GET requests are supposed to be safe. There are lots of things that can

trigger a GET request. If you are changing state based on a GET request, your code is

dangerously broken. Use POST.

第一个问题:GET 请求应该是安全的。有很多东西可以触发GET 请求。如果您正

在基于一个GET 请求更改状态，那么您的代码将会受到危险的破坏。使用POST。

Secondly, other websites can cause your user to make requests to your website. This is

known as Cross-Site Request Forgery. The typical solution is to require a nonce with each

request. Because the nonce is unknown to the other website, they can no longer forge

requests. The link I provided will give you further reading on alternative solutions.

其次，其他网站会导致你的用户对你的网站提出请求。这被称为跨站点请求伪