Forgive my ignorance; I was trying to figure it out by myself, but I did not find the right solution.

I'm building a website based on Node. I'm also using a lot of front-end JavaScript, such as AJAX, in order to load the content dynamically. My problem is this: I would like to limit GET requests to the front-end only. Is there any way to achieve this? We do have CSRF for POST requests, and I was thinking about enabling something like CSRF for specific GET requests. API tokens are not the way to achieve success here, because those would be available to anyone after inspecting the markup.

  • Possible duplicate: http://stackoverflow.com/questions/12370919/csrf-protection-of-get-links – Felippe Duarte May 16 '16 at 18:30
  • Except for the title, there is no real correlation. He wants to protect GET requests because he's using those, instead of POST requests, to update the database. And the answer is all about the disadvantages of using GETs for POST purposes. I just want to limit routes to the front-end; I'm displaying the content, not updating anything with those. – patrykcieszkowski May 16 '16 at 19:04
  • Can you explain what you mean by "limit GET requests for front-end only" and why you want to do it? – kuporific May 17 '16 at 22:25
  • I've got an API, and I'd like those URLs not to return a value unless they are called from the site. Obviously, the user could copy the URL and run his own script in the console, but I'd like to disallow people from using that URL outside of my page. Why? Mostly because I'm really curious; that's one of the problems I don't know how to solve, but this might be useful in the future. I don't really have any real reason for this yet. – patrykcieszkowski May 18 '16 at 04:48

0 Answers