Check security while using jQuery Ajax

I understand where Web services used by the script actually calls the current site and not by an external program?

Here we can help the source of ASP.NET MVC was: (+). IsAjaxRequest same method in both ASP.NET Webforms can be used:

public static bool IsAjaxRequest(this HttpRequestBase request)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
return (request["X-Requested-With"] == "XMLHttpRequest") ||
((request.Headers != null) && (request.Headers["X-Requested-With"] == "XMLHttpRequest"));
}

IsAjaxRequest result should be the beginning of all requests received. Of course, had to be careful that this study can be easily bypassed (because headers have been based), but still is better than no surveillance.

Leave a Reply

Your email address will not be published. Required fields are marked *