javascript 如何从浏览器页面源隐藏jquery ajax中的详细信息
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8437747/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to hide details in jquery ajax from browser page source
提问by 1110
I am using jquery for all my ajax thing, I don't know if that is fine but I use that for now.
I have one text input when user type characters in it I call server side get some values and add them on the view.
Code that I use bellow works fine butI want to improve it a little.
How can I make this ajax call so that users that want to investigate my page source code can't see what I call here?
So basically I want to hide from page source what url, what type and data send I use here, is it possible?
我将 jquery 用于我所有的 ajax 事情,我不知道这是否合适,但我现在使用它。
当用户在其中输入字符时,我有一个文本输入,我调用服务器端获取一些值并将它们添加到视图中。
我使用波纹管的代码工作正常,但我想稍微改进一下。
如何进行此 ajax 调用,以便想要调查我的页面源代码的用户看不到我在此处调用的内容?
所以基本上我想从页面源中隐藏什么 url,我在这里使用什么类型和数据发送,这可能吗?
$(function () {
$("#txtSearch").keyup(function (evt) {
$.ajax({
url: "/Prethors/Users/SearchUsers",
type: "POST",
data: "text=" + this.value,
success: function (result) {
$("#searchResult").prepend("<p>" + result + "</p>");
}
});
});
});
采纳答案by Michael Dillon
No, a user will always be able to figure out what calls you are making if you include it in javascript.
不,如果您将它包含在 javascript 中,用户将始终能够弄清楚您正在拨打什么电话。
You can compress and minify the javascript, but a determined person will always be able to find your url calls.
您可以压缩和缩小 javascript,但有决心的人将始终能够找到您的 url 调用。
Here's a js compression site, for example. http://jscompress.com/
例如,这里有一个 js 压缩站点。 http://jscompress.com/
回答by Evan
overall, you shouldn't worry about this. there is no way I'm aware of to hide your ajax calls, but you shouldn't need to.
总的来说,你不应该担心这个。我知道没有办法隐藏你的 ajax 调用,但你不应该需要。
-you could encrypt the info.
- 你可以加密信息。
-you could use comet to stream the data on a persistent connection. (super complicated).
- 您可以使用 Comet 在持久连接上流式传输数据。(超级复杂)。
-follow good server security practices and not worry about it.
- 遵循良好的服务器安全实践,不要担心。
source: here
来源:这里
If you are really worried about this, you could set up kind of an anonymous URL, which will then redirect to where you really want to go based on some variable which is arbitrary.
如果你真的很担心这个,你可以设置一个匿名 URL,然后它会根据一些任意的变量重定向到你真正想去的地方。
for example, instead of going to "/Prethors/Users/SearchUsers"
例如,而不是去 "/Prethors/Users/SearchUsers"
go to "/AnonymousCall?code=5"
去 "/AnonymousCall?code=5"
from which you could execute the code you want for searchusers
从中您可以为 searchusers 执行您想要的代码
回答by Terry
You can't hide client-side code. You can disguise it with minificationbut sensitive data should always be stored and processed on the server-side.
您无法隐藏客户端代码。您可以通过缩小来掩盖它,但敏感数据应始终在服务器端存储和处理。
回答by abhilashv
Use console.clear();after you ajax calls :P
It just clears the reqs from the console but you still cannot hide client side calls.
console.clear();在 ajax 调用后使用:P 它只是从控制台清除请求,但您仍然无法隐藏客户端调用。
