aakhilv

Reputation: 145

Check source that post request was sent from

So I have a js script located at https://ad.aakhilv.me/config.js, and it sends a post request via a script tag on the browser to my server and this function parses it:

app.post("/new", cors, async (req, res) => {
  // Parses data sent here.
});

However, some people are customizing the script and changing up the data that is supposed to be sent. Anyone know if there is a way that I can make sure that the request was sent through the script url that I provided above, and not a modified version of it?

Upvotes: 1

Views: 1294

Answers (1)

Lee Morgan

Reputation: 688

There is no real way to do that. Anyone, anywhere, at any time, can make a post request to "/new".

What you need to do is verify the data that the route receives on the backend. For example, if you want to make sure that only the user is changing their data, and not somebody else's data, then you want to use session cookies to verify that they are logged in.

Ultimately, your backend code has to assume that users will abuse or otherwise try to take advantage of that route if they can. Your code inside that app.post should be able to verify that no malicious data is being sent, and that it is from the proper user.

Upvotes: 1
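
One way to apply the server-side checks described in the answer above, as an added example that is not part of the original question or answer. The payload fields (`userId`, `slot`, `url`), the session shape and the allow-list are assumptions, since the post does not show what the script sends.

```javascript
// Added example. The field names (userId, slot, url), the session shape and
// the allow-list are assumptions; the original post does not show its payload.
const ALLOWED_SLOTS = new Set(["banner", "sidebar"]); // constructed values
const EXPECTED_FIELDS = ["userId", "slot", "url"];

function reject(status, error) {
  return { ok: false, status, error };
}

// Decide whether a POST /new body is acceptable, using only server-side facts.
function validateNewRequest(session, body) {
  // Identity comes from the server-side session, never from the request body.
  if (!session || typeof session.userId !== "string") {
    return reject(401, "not logged in");
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return reject(400, "body must be a JSON object");
  }
  // A modified client can add fields; refuse anything outside the schema.
  const extra = Object.keys(body).find((k) => !EXPECTED_FIELDS.includes(k));
  if (extra !== undefined) {
    return reject(400, `unexpected field: ${extra}`);
  }
  // The caller may only change their own data.
  if (body.userId !== session.userId) {
    return reject(403, "cannot modify another user's data");
  }
  if (typeof body.slot !== "string" || !ALLOWED_SLOTS.has(body.slot)) {
    return reject(400, "invalid slot");
  }
  if (typeof body.url !== "string") {
    return reject(400, "invalid url");
  }
  let parsed;
  try {
    parsed = new URL(body.url);
  } catch {
    return reject(400, "invalid url");
  }
  if (parsed.protocol !== "https:") {
    return reject(400, "url must be https");
  }
  // Return a rebuilt object so only validated values reach storage.
  return { ok: true, status: 200,
           data: { userId: session.userId, slot: body.slot, url: parsed.href } };
}
```

Inside the `app.post("/new", ...)` handler this would be called with the session object and parsed body (for example `req.session` and `req.body`, assuming session and JSON-body middleware are installed), returning `r.status` and `r.error` to the client whenever `r.ok` is false.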
