Some smartass people are using my API-centric web app to clone my service and make it appear like their own. Is there a way to make sure all Ajax requests are for/from my website?
Sure, I could use the referrer header, but they could easily fake it.
Set a cookie on the client when it hits your site, before it sends any Ajax requests.
Then validate the cookie when serving the Ajax.
Or, alternatively, you could make your Ajax requests POST-only. This way they are subject to the same-origin policy.
It will break the whole RESTful ideology, though.
http://en.wikipedia.org/wiki/Same_origin_policy