Prevent '$.post' calls from outsiders Javascript PHP


I am building a site that calls an email function in order to send emails.

I call a function from an external JavaScript file via $.post, as in the following example:

$.post('http://[mydomain]/email.php', {
    'Email': '[email protected]',
    'Subject': 'This is the subject',
    'Text': 'This is the body'
}, function (data) {

});

But as I recently noticed, anyone can write the above line in a browser console and send any email they want (using my email address of course).

So my question is:

Is there any way I can recognize these outside calls and prevent them from executing?


There are 1 best solutions below


To make this clear once and for all:

  1. You cannot (or maybe should not) put restrictions on what the user types in the console
  2. Your problem is not really that users can type your command in the console, it has to do with the fact that you send emails via the front-end part of your website ...

Sensitive operations like sending emails, checking passwords, registering users should NEVER be executed on the front-end side of your website; they should ALWAYS be executed on the back-end side of your website. This is common sense when it comes to security risks.
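
One way to apply the answer's point inside email.php itself, as an added example that is not part of the original question or answer: the server decides the recipient and subject and accepts only a template key and a body from the browser. The session keys (`user_id`, `csrf`, `sent`), the `TEMPLATES` table, the `template` and `csrf` POST fields, the address and the limits are all hypothetical.

```php
<?php
// email.php: added example, not the asker's code. Assumes a login flow that
// sets $_SESSION['user_id'] and a random $_SESSION['csrf'] echoed into the page.
declare(strict_types=1);
session_start();

// Hypothetical server-side templates: the client picks a key, nothing more.
const TEMPLATES = [
    'contact' => ['to' => 'support@example.com', 'subject' => 'Contact form'],
];
const MAX_PER_HOUR = 5; // constructed limit

function reject(int $code, string $msg): void {
    http_response_code($code);
    exit($msg);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') reject(405, 'POST only');

// 1. The caller must hold a session that the server created at login.
if (empty($_SESSION['user_id'])) reject(401, 'Not logged in');

// 2. The per-session token must match (constant-time compare).
$expected = (string)($_SESSION['csrf'] ?? '');
$token = $_POST['csrf'] ?? '';
if ($expected === '' || !is_string($token) || !hash_equals($expected, $token)) {
    reject(403, 'Bad token');
}

// 3. Recipient and subject come from the server, never from the request.
$key = $_POST['template'] ?? '';
$tpl = is_string($key) ? (TEMPLATES[$key] ?? null) : null;
if ($tpl === null) reject(400, 'Unknown template');

// 4. Throttle per session so a logged-in user cannot bulk-send either.
$now = time();
$recent = array_filter($_SESSION['sent'] ?? [], fn($t) => $t > $now - 3600);
if (count($recent) >= MAX_PER_HOUR) reject(429, 'Too many emails');

// 5. Only the body is user-supplied, and it is type-checked and length-capped.
$body = $_POST['Text'] ?? '';
if (!is_string($body) || $body === '') reject(400, 'Missing text');
if (!mail($tpl['to'], $tpl['subject'], substr($body, 0, 2000))) reject(500, 'Send failed');

$recent[] = $now;
$_SESSION['sent'] = $recent;
echo 'OK';
```

A logged-in user can still issue this request from the console, but the most it can do is send a capped message to the fixed recipient, a few times per hour.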