javascript - Is it possible to prevent a page being loaded using XHR? -


i want transmit sensitive information in index.html should accessible javascript during load time of page. afterwards javascript on page should not able access data.

i can remove sensitive data dom on load need prevent page being loaded using xmlhttprequest or scraping iframe.

i can block iframe using x-frame-options header , other frame busting tricks how can block page being loaded using xhr?

the best solution came serve index.html csp header doesn't include self in connect-src directive can't xhr url on server , need white list other possible connect targets. there must better way it.

i think best bet checking x-requested-with header value of xmlhttprequest clientside frameworks/libraries send header when accessing site xhr.

however, doing not block every attempt load page xhr not mandatory xhr header , can spoofed.

i don't see how setting csp header in case should protect app/site accessing malign content instead of protecting app/site being accessed.

"content security policy declarative policy lets authors (or server administrators) of web application inform client sources application expects load resources"

source: content security policy 1.1

on sidenote: if javascript removes sensitive information dom, users can still access through console or checking page source.

what's actual use case?


Comments

Post a Comment

Popular posts from this blog

matlab - Deleting rows with specific rules -

i got 20*3 cell array , need delete rows contains "137", "2" , "n:t" origin data: 't' '' '' 'np(*)' '' '' [ 137] '' '' [ 2] '' '' 'are' 'and' 'np(fcc_a1#1)' '' '' '1:t' [ 1200] [0.7052] '' [1.2051e+03] [0.7076] '' 'are' 'and' 'np(fcc_a1#3)' '' '' '2:t' [ 1200] [0.0673] '' [1.2051e+03] [0.0671] '' 'are' 'and' 'np(m23c6)' '' '' '3:t' [ 1200] [0.227...
Read more

jquery - How would i go about shortening this code? And to cancel the previous click on click of new section? -

my code below changes image people in team sector, can see theres alot of repeated code; there way shorten it? also currently, allows click on sections without turning off clicked one; assume toggle() function, couldn't work other way! still quite new jquery coding, grand!! cheers in advance! $("#team_client_services").click(function () { if ($(".team_client_services").hasclass("team_hide")) { $(".team_client_services").toggleclass("team_hide"); $(".team_client_services2").toggleclass("team_show"); } else { $(".team_client_services").toggleclass("team_hide"); $(".team_client_services2").toggleclass("team_show"); }; }); $("#team_management").click(function () { if ($(".team_management").hasclass("team_hide")) { $(".team_management").toggleclass("team_hide"); $(".team_management2...
Read more