Security Concern over AJAX call - use full path or just endpoint

  • Thread starter: Viral Parmar
I was just testing a few AJAX calls to identify whether they are vulnerable to a JS attack if I use an AJAX call like this.

option 1

Code:
$.ajax({
    url: 'https://example.com/project_folder/user',
    type: "POST",
});

OR

option 2

Code:
$.ajax({
    url: '/project_folder/user',
    type: "POST",
});

What's the difference between them, and what security vulnerabilities do I have if I use the full path instead of just the path?

BTW, I suggested using option 2; it's more convenient from a security perspective.

I suggest developers use option 2; apart from that, strong sanitisation is also required.
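
How a browser resolves the two `url` values from the question, as an added example that is not part of the original post. The function names, the staging and CDN hostnames and the page locations are constructed for illustration.

```javascript
// Resolve an $.ajax url value against the page that issues the call and
// report the properties that matter for the same-origin policy.
function describeAjaxTarget(ajaxUrl, pageUrl) {
  const page = new URL(pageUrl);
  const target = new URL(ajaxUrl, page); // same resolution the browser applies
  return {
    resolved: target.href,
    // Same origin = same scheme + host + port; otherwise CORS rules apply.
    sameOrigin: target.origin === page.origin,
    // An https page calling an http endpoint is blocked as mixed content.
    mixedContent: page.protocol === 'https:' && target.protocol === 'http:',
  };
}

// Allow-list check for code that builds the url from a variable: accept only
// targets that resolve to the page's own origin or an explicitly trusted one.
function isAllowedTarget(ajaxUrl, pageUrl, trustedOrigins = []) {
  const page = new URL(pageUrl);
  let target;
  try {
    target = new URL(ajaxUrl, page);
  } catch (e) {
    return false; // unparsable value
  }
  return target.origin === page.origin || trustedOrigins.includes(target.origin);
}

// Constructed sample pairs: [url passed to $.ajax, location of the calling page]
const samples = [
  ['https://example.com/project_folder/user', 'https://example.com/app/'], // option 1
  ['/project_folder/user', 'https://example.com/app/'],                   // option 2
  // Option 1 stays pinned to example.com when the page is served elsewhere,
  // so the call becomes cross-origin; option 2 follows the serving origin.
  ['https://example.com/project_folder/user', 'https://staging.example.test/app/'],
  ['/project_folder/user', 'https://staging.example.test/app/'],
  // A protocol-relative value starts with a slash but names another host.
  ['//cdn.example.net/project_folder/user', 'https://example.com/app/'],
];
for (const [ajaxUrl, pageUrl] of samples) {
  console.log(pageUrl, ajaxUrl, describeAjaxTarget(ajaxUrl, pageUrl));
}
```

When the page is served from `https://example.com`, both options resolve to the same request; they only diverge when the page is served from another origin or scheme.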