I keep reading to make ajax requests secure, I need to make sure cross-site requests are disabled. On the server side, how can I disable cross-site requests or check if they are disabled / enabled?
Cross site requests are disabled by default ..fyi: take a look at the same origin policy: http://en.wikipedia.org/wiki/Same_origin_policy
Cross domain is always denied due to the same source policy .
Both for your JavaScript creating XHR, and for someone faked, they are the same and impossible to differentiate (although you can definitely make it harder).
Maybe someone can open your page in a hyperlink, so please make sure that http referrer is always from your site.
Source: https://habr.com/ru/post/1338805/More articles:How to add css class? - cssCast object without more information than its System.Type - genericsIs this ajax behavior normal, safe - javascriptRecord and play an audio stream using Qt - qtcalling member functions from one member function of the same class in C ++, objective C - c ++remove the quartz trigger that will not start again - c #Number of differences with linq for entities and custom IEqualityComparer - c #bad_alloc when calling new in the Texture class - c ++SourceGear Vault: How to get an automated list of extracted files? - sourcegear-vaultare class-level public properties protected by threads - multithreadingAll Articles