I keep reading that to make ajax requests safe, I need to make sure that cross-site requests are disabled. On the server side, how exactly do I disable cross-site requests, or check if they are disabled/enabled?
Cross-site requests are disabled by default.
FYI: take a look at the same-origin policy: http://en.wikipedia.org/wiki/Same_origin_policy
Cross domain is always banned because of the Same Origin Policy.
As for your JavaScript making an XHR and someone spoofing one, they are the same and impossible to differentiate (though you can definitely make it harder).
Maybe someone can open your page in a hyperlink, so please make sure that the HTTP referrer is always from your site.
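The referrer check suggested in the last answer, written out as a server-side function. This is an added example, not code from the thread, and it goes beyond the answer by checking the `Origin` header first and falling back to `Referer`. The site origin `www.example.com` and the names `TRUSTED_ORIGINS`, `parse_origin` and `is_same_site_request` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the site's own origin; www.example.com is a placeholder.
TRUSTED_ORIGINS = {("https", "www.example.com", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_origin(value):
    """Return (scheme, host, port) for an Origin or Referer value, or None."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # raises ValueError when the port is out of range
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "Origin: null" and non-HTTP schemes
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    return (parts.scheme, parts.hostname.lower(), port)


def is_same_site_request(headers):
    """Decide whether a state-changing request came from our own pages.

    Origin is checked first and Referer is the fallback. A request that
    carries neither header is rejected because its source is unknown.
    """
    # HTTP header names are case-insensitive, so normalise them first.
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("origin", "referer"):
        value = lowered.get(name)
        if value:
            # Compare the parsed origin exactly: a prefix or substring test
            # would accept https://www.example.com.evil.test/ as ours.
            return parse_origin(value) in TRUSTED_ORIGINS
    return False
```

Browsers set these headers, so the check separates requests sent from your own pages from requests another site triggers in a visitor's browser. A client that is not a browser can send any header value it likes, which is the limit the earlier answer about spoofed XHRs describes.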