Oceanvijai

Reputation: 393

Restrict Cross Domain Ajax request

I have a web application (in Java) where I need to restrict cross-domain requests made through Ajax calls in any browser (including restricting the XDomainRequest object in IE), whether through jQuery or a simple JavaScript Ajax call.

My ultimate aim is to restrict it while the call is made, either through some browser setting or by setting a response header, so it won't make the call in the first place.

If the same-origin policy is a solution, please do explain how it is addressed.

Thanks and regards, Oceanvijai

Upvotes: 1

Views: 3034

Answers (1)

Tgr

Reputation: 28200

You can control which domains you accept AJAX requests from via the Access-Control-Allow-Origin response header. If the header is missing, only requests from the same domain are allowed.

Update: if you want to disallow even the initiation of AJAX requests, you could try X-Content-Security-Policy:xhr-src 'none', but I can't imagine any situation where that would be useful. Maybe you could explain the situation in a little more detail?

Upvotes: 5
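
An added example, not part of the original answer: server-side logic that sends Access-Control-Allow-Origin only to allowlisted origins and also refuses requests from any other origin, because omitting the header keeps the calling script from reading the response while a simple request still reaches the server. The allowlist, the `corsDecision` name and the request shape are assumptions; in the Java application the same check would sit in a servlet filter.

```javascript
// Added example: the allowlist and sample requests below are constructed.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Decide the status and CORS headers for one request.
// req: { method, secure, headers } with lower-cased header names.
function corsDecision(req) {
  const origin = req.headers.origin;
  // Vary keeps shared caches from replaying one origin's answer to another.
  const headers = { Vary: 'Origin' };

  // Browsers attach Origin to every cross-origin XHR/fetch. Without it the
  // request is a same-origin GET/HEAD or comes from a non-browser client.
  if (origin === undefined) return { status: 200, headers };

  // Same-origin POST/PUT/DELETE also carry Origin; it equals our own origin.
  const self = `${req.secure ? 'https' : 'http'}://${req.headers.host}`;
  if (origin === self) return { status: 200, headers };

  if (ALLOWED_ORIGINS.has(origin)) {
    // Echo the single matching origin; never reflect arbitrary values.
    headers['Access-Control-Allow-Origin'] = origin;
    const preflight = req.method === 'OPTIONS' &&
      'access-control-request-method' in req.headers;
    if (preflight) {
      headers['Access-Control-Allow-Methods'] = 'GET, POST';
      return { status: 204, headers };
    }
    return { status: 200, headers };
  }

  // Any other origin, including the literal string "null" (sandboxed frames,
  // file: pages): send no Access-Control-Allow-Origin and refuse to process.
  return { status: 403, headers };
}

// Constructed sample requests against a site served at shop.example.com.
const host = 'shop.example.com';
const samples = [
  { method: 'POST', secure: true, headers: { host, origin: 'https://shop.example.com' } },
  { method: 'GET', secure: true, headers: { host, origin: 'https://app.example.com' } },
  { method: 'POST', secure: true, headers: { host, origin: 'https://other.example.net' } },
  { method: 'POST', secure: true, headers: { host, origin: 'null' } },
];
for (const r of samples) console.log(r.headers.origin, corsDecision(r).status);
```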
