I have a webpage in which the user is awarded X points on clicking a button. The button sends a AJAX request(JQuery) to a PHP file which then awards the points. It uses POST.
As its client side, the php file, parameters are visible to the user.
Can the user automate this process by making a form with the same fields and sending the request ?
How can I avoid this type of CSRF ? Even session authentication is not useful. stackoverflow.com/questions/3315914/â€¦
以上就是Preventing erroneous AJAX Calls by the user的详细内容，更多请关注web前端其它相关文章！