Michael

Reputation: 83

How to prevent POST requests from ajax (obtained through firebug)

How would I prevent users from spamming a post request? For example, a form is submitted via Ajax post. Using firebug I can see the post request, but I noticed that this request can be easily repeated by right-clicking on it and selecting "open in a new tab". How can I prevent something like this?

Upvotes: 4

Views: 816

Answers (3)

damon

Reputation: 1085

Any web form can be posted to in any number of ways. What you need to do is make sure the server-side script that processes the form has the logic needed to "ignore" spammy requests.

Upvotes: 0

Blair McMillan

Reputation: 5349

You can't reliably. But you can check for the HTTP_X_REQUESTED_WITH header which is usually sent along with ajax requests. It can be spoofed though, and can also not be there for genuine ajax requests.

Upvotes: 0

Michael Berkowski

Reputation: 270637

When a valid user logs in or begins a session, generate a random token string and place it in a hidden form field. Each time a valid post is made by a valid user, generate a random token string and store it in $_SESSION while also returning it to the client browser. When the browser makes another Ajax post request, it must also send that token string which you compare against the $_SESSION.

That way you can only make an Ajax post if your server has previously sanctioned it. It prevents anyone who simply knows the Ajax handler's URL from sending HTTP requests to it.

Upvotes: 3
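
The token rotation described in the answer above, as an added example that is not part of the original answer. The session key `ajax_token`, the field name `token`, the JSON response shape and the helpers `issue_token()` and `consume_token()` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

session_start();

/** Create a fresh random token, store it in the session, and return it. */
function issue_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['ajax_token'] = $token;   // hypothetical session key
    return $token;
}

/** Compare the submitted token with the session copy; on a match it is used up. */
function consume_token(?string $submitted): bool
{
    $expected = $_SESSION['ajax_token'] ?? null;
    if (!is_string($expected) || $submitted === null
        || !hash_equals($expected, $submitted)) {   // constant-time comparison
        return false;
    }
    unset($_SESSION['ajax_token']);     // a replay of this request now fails
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    header('Content-Type: application/json');
    $submitted = $_POST['token'] ?? null;           // hypothetical field name
    if (!consume_token(is_string($submitted) ? $submitted : null)) {
        http_response_code(403);
        echo json_encode(['error' => 'invalid or reused token']);
        exit;
    }
    // ... process the form fields here ...
    // Return the token the client must send with its next post.
    echo json_encode(['ok' => true, 'token' => issue_token()]);
    exit;
}

// GET: render the form with the first token in a hidden field.
$token = issue_token();
?>
<form id="f" method="post">
  <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
  <input type="text" name="comment">
  <button type="submit">Send</button>
</form>
```

The client script has to copy the `token` value from each JSON response into the hidden field before the next post; a request repeated from the browser's network panel carries the already consumed token and receives the 403.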
