How can I make ajax safe?

Question

I have an ajax for save address. I have some parameters like username, Address, Location. Now user can see all parameters and is not safe.

ajax code:

$.ajax({ 
        url: 'inc/saveAddress.php',
        data: {"username": window.username,
               "name": name,
               "address": address,
               "lat": window.lats,
               "lng": window.lngs,
               },
        type: 'post',
        success: function(result)
        {
            window.location.replace('https://example.com');
        }
    });

How can I check this requst is from what address by PHP? or anything to safe that.

I cant find similar questions.. please give me link if exist.. — Alireza, Jul 07 '19 at 15:43
Nothing on the client side can really be considered safe from the user. A user with enough determination will find a way around any measures you take. — Carcigenicate, Jul 07 '19 at 15:44
@Carcigenicate so ajax is not safe and I should change my way.. Right? — Alireza, Jul 07 '19 at 15:46
Everything done on the client end can be snooped by the user. This isn't specific to Ajax. — Carcigenicate, Jul 07 '19 at 15:46
making ajax safe is not different from non-ajax forms! you should validate your data on the server side. — Hadi Aghandeh, Jul 07 '19 at 15:50
@HadiAghandeh yes I need a way to check this request is from my site or not! — Alireza, Jul 07 '19 at 15:51
you need csrf protection. there are some tutorials on the internet on how to implement csrf protection in php. — Hadi Aghandeh, Jul 07 '19 at 15:55

score 0 · Answer 1 · answered Jul 07 '19 at 15:52

0

My idea is to create and send a unique key which can know only the server. If key is wrong send an error back.

answered Jul 07 '19 at 15:52

Daniel Richter

768
5
23

2

how is that going to help OP ? maybe a comment, but certainly not an answer. – YvesLeBorg Jul 07 '19 at 15:58
it helps OP to make it safe. Ok, safer as before. Thatswhy its my answer. btw, user with less then 50 reputations cant comment. ;) and as long users as u disvote my answers so i cant comment for a long time. – Daniel Richter Jul 07 '19 at 16:12

How can I make ajax safe?

1 Answers1