Reputation: 1571
I'm creating a Tampermonkey userscript that sends a POST request from a website containing the user's high score. Something like this for example:
$.post('https://example.com/scores', {
    id: 123,
    high_score: 999,
});
However, the issue is it's very easy for users to forge a fake score and send their own POST request with a fake high_score. Would there be a way to somehow authenticate these requests so I could differentiate between real requests from my userscript and forged fake ones from users? Perhaps some encryption/decryption?
Upvotes: 3
Views: 138
Reputation: 394
You can add a hidden input to your page with a nonce (a number used only once; it can be generated based on the platform you are using, as a unique identifier) as its value. When you send the POST, read the value and add it to your POST body. On the server side, you check whether this nonce exists in the database: if it does, the post is authentic; otherwise it is not. On your back end you could save this nonce with the session, if you have sessions. This is an example:
<input type="hidden" value="your-nonce" id="your-id">
<script>
    // Read the nonce from the hidden input and send it with the score
    let nonce = $("#your-id").val();
    $.post('https://example.com/scores', {
        id: 123,
        high_score: 999,
        nonce
    });
</script>
Upvotes: 1
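The server side of the nonce check described in the answer above, as an added example that is not part of the original answer. `NonceStore`, `handleScorePost`, the in-memory `Map` (standing in for the database or session store) and the five-minute lifetime are assumptions made for illustration.

```javascript
// Added example: issue a nonce per page load, accept it once, bind it to the session.
const crypto = require('node:crypto');

class NonceStore {
  constructor(ttlMs = 5 * 60 * 1000) {
    this.ttlMs = ttlMs;          // assumed lifetime of an unused nonce
    this.nonces = new Map();     // nonce -> { sessionId, expiresAt }
  }

  // Called when the page is rendered; the value goes into the hidden input.
  issue(sessionId, now = Date.now()) {
    const nonce = crypto.randomBytes(16).toString('hex'); // 128 bits, unguessable
    this.nonces.set(nonce, { sessionId, expiresAt: now + this.ttlMs });
    return nonce;
  }

  // Called by the POST handler. A given nonce can succeed at most once.
  consume(sessionId, nonce, now = Date.now()) {
    if (typeof nonce !== 'string') return false;
    const entry = this.nonces.get(nonce);
    if (!entry) return false;            // unknown or already used
    this.nonces.delete(nonce);           // single use, even if a later check fails
    if (entry.expiresAt <= now) return false;
    return entry.sessionId === sessionId; // must come from the session it was issued to
  }
}

// Handler logic for POST /scores; `body` is the parsed form body from $.post.
function handleScorePost(store, sessionId, body, now = Date.now()) {
  if (!store.consume(sessionId, body.nonce, now)) {
    return { status: 403, error: 'invalid, expired or reused nonce' };
  }
  // Form-encoded fields arrive as strings; accept plain non-negative integers only.
  if (!/^\d{1,9}$/.test(String(body.high_score))) {
    return { status: 400, error: 'bad score' };
  }
  return { status: 200, id: body.id, high_score: Number(body.high_score) };
}
```

The nonce shows that a request follows a page load in that session and is not a replay. A user who controls the browser can still read the hidden input and submit any value with it, so the score itself has to be checked for plausibility on the server as well.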