I am very new to web development and am trying to create a website using a client/server model. From what I understand, the front-end (client-side) calls URLs specified on the server to get information. So if my website was www.example.com, when the user clicks a button on my site, a request will be sent to www.example.com/api/buttonClicked, and my server will then run the logic and return a response, correct?
But simply by using developer tools on Chrome, anyone can see the URL the request is being sent to (www.example.com/api/buttonClicked) and the data being sent. How can I prevent someone from calling this URL? Or even if they did call it, how can I prevent my server from giving them a response?
If it helps, I am using Flask to build the server.
1 Answer
You cannot prevent someone from calling your URL directly.
What you can do, however, is reject invalid requests.
You can add a unique key to each response which is then returned in the next request. If a request has an invalid or missing key, ignore it.
This is the basic idea behind a session. In fact, you may be able to use sessions in your framework to do this (I am not familiar with Flask).
- Thanks. So just to see if I understand, I can give each user a unique key (when they log in). When they send a request to the server, they must provide this unique key. If the key is invalid then I don't give a response. Is my understanding correct? Thanks again. – kev, Aug 30, 2015 at 20:43
- @kev correct. You can either ignore the request entirely if you want, or redirect to another page such as the home page or an error page. – user22815, Aug 30, 2015 at 22:29
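The key-per-response scheme described in the answer, as an added example that is not part of the original post and is not Flask's own API. The class and function names are hypothetical, and an in-memory dict stands in for whatever session storage the server uses.

```python
import hmac
import secrets


class RequestKeyStore:
    """Tracks the one key each session is expected to send next (assumed design)."""

    def __init__(self):
        # session_id -> key issued with the most recent response
        self._expected = {}

    def issue(self, session_id):
        """Create a fresh unpredictable key, e.g. at login, and remember it."""
        key = secrets.token_urlsafe(32)
        self._expected[session_id] = key
        return key

    def check_and_rotate(self, session_id, presented):
        """Return the next key if `presented` is valid, otherwise None."""
        expected = self._expected.get(session_id)
        if expected is None or not presented:
            return None  # unknown session, or key missing from the request
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), presented.encode()):
            return None
        # A valid key is single-use: replace it so a replayed request fails.
        return self.issue(session_id)


def handle_button_clicked(store, session_id, presented_key):
    """Hypothetical handler for /api/buttonClicked; returns (status, body)."""
    next_key = store.check_and_rotate(session_id, presented_key)
    if next_key is None:
        return 403, {"error": "invalid or missing key"}
    # The real button logic would run here, only after the key check passed.
    return 200, {"result": "button handled", "next_key": next_key}


if __name__ == "__main__":
    store = RequestKeyStore()
    key = store.issue("session-a")  # constructed session id
    print(handle_button_clicked(store, "session-a", key)[0])   # valid key
    print(handle_button_clicked(store, "session-a", key)[0])   # replayed key
    print(handle_button_clicked(store, "session-a", None)[0])  # missing key
```

The key only ties a request to a session. A logged-in user can still read their own key in developer tools and call the endpoint, so the server must check on every request that the session is allowed to perform the action.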