Tim

Reputation: 963

Verify that JavaScript request is from website

I am creating something like intercom.io and Mixpanel. The user visits a website - there the admin can insert a JS snippet - the JS calls the server via AJAX and logs a visit or some other form of data.

So far so easy. I would like to ensure that the request is made from the website, so the admin has to include a unique public key. But it is of course not safe on the website. I read something about CSRF protection with cookies and headers, but for this the user has to have cookies enabled. And if the user does not have cookies enabled, the tracking will not work, although I will not force tracking, e.g. accept the do-not-track header etc.

So how can I ensure that the request is made from my async loaded script and not some command line with a fake referer without cookies?

Upvotes: 0

Views: 68

Answers (1)

Pavel Gatnar

Reputation: 4053

Use JWT (JSON Web Tokens) for the request authorization.

Upvotes: 1
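
One way to apply the JWT suggestion to the tracking snippet described in the question, as an added example that is not part of the original answer: the server issues a short-lived HS256 token bound to the site's public key and registered origin, and the logging endpoint checks it against the request's Origin header. The site key, the origin, and all function names are assumptions made up for illustration.

```javascript
// Added example (Node.js, built-in crypto only); names and sample values are constructed.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32); // stays on the server, never shipped in the snippet
// Constructed registry: public site key -> origin the admin registered for it.
const SITES = new Map([['pk_demo_123', 'https://shop.example']]);

const b64u = (s) => Buffer.from(s).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

// Token endpoint: called once by the snippet before it starts logging.
function issueToken(siteKey, origin, now = Date.now(), ttlSec = 300) {
  // Reject unknown keys and keys presented from an origin they were not registered for.
  if (!origin || SITES.get(siteKey) !== origin) return null;
  const iat = Math.floor(now / 1000);
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: siteKey, aud: origin, iat, exp: iat + ttlSec }));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// Logging endpoint: called on every tracking request; returns the claims or null.
function verifyToken(token, origin, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  // Check the signature first, in constant time, before parsing anything.
  const expected = Buffer.from(sign(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch {
    return null;
  }
  if (header.alg !== 'HS256') return null; // pin the algorithm on the server side
  if (!origin || claims.aud !== origin || SITES.get(claims.sub) !== origin) return null;
  if (claims.exp <= Math.floor(now / 1000)) return null; // expired
  return claims;
}

// Stand-alone run: issue a token and verify it for the same origin.
console.log(verifyToken(issueToken('pk_demo_123', 'https://shop.example'), 'https://shop.example'));
```

The token bounds how long, and for which site key and origin, a captured tracking request stays valid. The Origin header is only trustworthy when a browser sets it, so token issuance is also the place for rate limiting and anomaly checks.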
