After validation of a form in JS, I sent this data to MVC PHP Backend and dont want to double check the data. What is, if someone did a Postman request with incorrect data?? Is there a way to make sure, that the ajax request coud only fire after successfull data check on client side??
Asked
Active
Viewed 81 times
-1
-
1You can never rely on client-side validation. It can be a helper, to avoid making extra requests as the user is entering the data. But you should only "believe" what the server checked – blex Apr 05 '20 at 09:39
-
You will have to make sure data is checked both client and server side, exactly for the reason you stated yourself: someone could be posting data from another source. Even if you use some form of authentication (e.g. tokens (JWT) of session), someone could be posting wrong data. So there really is no escape here: you will have to validate at least server-side. You could use the CORS mechanism (to know where your call is coming from) but this also can be spoofed easily. (https://stackoverflow.com/questions/21058183/whats-to-stop-malicious-code-from-spoofing-the-origin-header-to-exploit-cors) – Pianoman Apr 05 '20 at 09:41
1 Answers
0
if you need to validate data on client side you can use :
1 : jQuery validator plugin + ajax submitting you can see this question
2 : the function beforeSend
$.ajax({
url: yourURL,
beforeSend: function(xhr) {
//You can check your data here and store in isValid variable.
var isValid = false; // Based on your validation check.
if (!isValid) {
// Prevent the request to be sent to the (web)server.
xhr.abort();
}
}
})
.done(function(data) {
// after submitting
});
