Which is better to do client side or server side validation? In our situation we are using jQuery and MVC. JSON data to pass between our View and Controller. A lot of the validation I do is validating data as users enter it. For example I...
I'm trying to implement JWT in my authentication system and I have a few questions. To store the token, I could use cookies but it's also possible to use localStorage or sessionStorage.  Which would be the best choice?   I have read that JW...
I am using a third party library which spawns a raw XMLHttpRequest with new XMLHttpRequest.  This bypasses my CSRF protection and gets shot down by my rails server.   Is there a way to globally add a predefined CSRF token ($('meta[name=csrf-token...
I have a Java Applet inserted on a simple HTML page located at http://localhost:8080/index.html:  <applet id="applet" code="SomeCode.class" archive="lib.jar" Width="1" Height="1"></applet>   The Jav...
I'm making a RESTful web service call in my JavaScript page and get the following warning:  "This page is accessing information that is not under its control.  This poses a security risk.  Do you want to continue?"  Now I've read up o...
I'm trying to embed a youtube video on to my page once the user gives the link to the video.  <iframe width=\'560\' height=\'315\' src='http://www.youtube.com/watch?v=<video id>&amp;output=embed' frameborder=\...
There are numerous online resources which provide JavaScript APIs to access their services. To be more clear, I will base my question on the example of MapBox, but this applies well to many other services in various domains.  When someone wants to us...
I have to transfer some sensitive information over a JavaScript AJAX Call, over an unencrypted channel (HTTP, not HTTPS).  I'd like to encrypt the data, but encryption on the JavaScript side means I expose the key, which makes symmetric encryptio...
It is said that instead of adding all domains to CORS, one should only add a set of domains. Yet it is sometimes not trivial to add a set of domains. E.g. if I want to publicly expose an API then for every domain that wants to make a call to that API...
We want to embed an ajax style service into a number of our websites each with a unique api key. The problem that I can see is that because the api key is stored in the javascript file the user could potentially take the key, spoof the http referrer,...
