问题
I keep reading that to make ajax requests safe, I need to make sure that cross-site requests are disabled. On the server side, how exactly do I disable cross-site requests, or check if they are disabled/enabled?
回答1:
Cross site requests are disabled by default..
fyi : take a look at same origin policy : http://en.wikipedia.org/wiki/Same_origin_policy
回答2:
Cross domain is always banned because of the Same Origin Policy.
As for your JavaScript making a XHR and someone spoofing one, they are the same and impossible to differentiate (though you can definitely make it harder).
回答3:
May be someone can open your page in hyperlink so please make sure that http referrer is always from your site.
来源:https://stackoverflow.com/questions/4929760/how-to-check-if-cross-domain-requests-are-disabled