Due to the confidentiality of the project, the address of the ajax request interface needs to be hidden. How do you do it?
曾经蜡笔没有小新2017-07-05 10:49:58
How can the security of the backend be guaranteed by the frontend?
You can only sign a parameter at most
阿神2017-07-05 10:49:58
You can try using a relay server. Assuming that server B needs to be kept secret, you can instead request server A, and then use server A to forward the request to server B, so that B’s address will not be exposed
typecho2017-07-05 10:49:58
Isn’t it enough to just make a custom browser? If you customize a network protocol, you won’t be able to see it. If you want to use a network protocol, you still want people to not be able to see it? The app can capture packets for you.
给我你的怀抱2017-07-05 10:49:58
In terms of simple hidden interfaces: secondary encapsulation
You write a method on the server to request the interface. You point ajax to the secondary encapsulation method, so that the page sees that the request is your secondary encapsulation. Method, and then do some anti-counterfeiting requirements and security processing.
学习ing2017-07-05 10:49:58
What should I do if the console is not displayed and the network is displayed? Even if it is not displayed, what should I do if someone else captures the packets? The boy gave up his resistance. The front end is clear and not confidential. Let them fiddle with the back end
巴扎黑2017-07-05 10:49:58
1. Back-end rendering, all data uses templates.
2.Transfer service
And I feel that there is no need to block. The front end is not safe anyway. To avoid packet capture, https can be used to improve security.