1
In the jquery example the arguments are well identified; url and form parameters.
$.ajax({
url: "test.html",
}).done(function() {
// ...
});
I want to know if you have any way to hide the url in ajax or make it as difficult as possible to identify the destination to prevent it being copied and pasted in the browser.
I see the js of other sites and apparently are pure javascript. That implies safety in some way?
Take a look here after http://en.m.wikipedia.org/wiki/Cross-site_request_forgery
– Paulo
What language do you use on the server? It is possible to identify if the request actually came by ajax, and reply with an error if it did not come.
– bfavaretto
You can put it in a file. JS separated and minified, already makes it difficult a little, encrypt the URL and use a function to decrypt when using, already prevents direct visualization, but if the user is determined to see the URL, nothing can be done.
– Jader A. Wagner
Or better still use a blinder like this
– Jader A. Wagner
What is your language on the server side?
– Kazzkiq
PHP usage, but the $_SERVER variable, is 100% guaranteed? They say requests can be simulated'
– Lelis
@Orion, thanks for the link, I’m reading
– Lelis