How to prevent cross site scripting in MVC when AJAX request is sent by another website
I have an HTML form in MVC ASP.NET which the user fills out; the request goes to the server [AJAX] and then we send them a mail to inform them. I use a hidden key to store information on the page.
I find that someone changed the key and then clicked, and then it's a problem that the mail goes to others who are unknown for this case.
How can I be sure that nobody changes the hidden key and the request is valid? The thing I want to do is that Html.AntiForgeryToken, which is suitable for that.
But how can I implement AntiForgeryToken when I send an AJAX request to the server?
Are there any tricks to solve this problem in MVC?
Check out this link: http://blog.stevensanderson.com/2008/09/01/prevent-cross-site-request-forgery-csrf-using-aspnet-mvcs-antiforgerytoken-helper/
This link will help with AntiForgeryToken and Ajax calls: http://blogs.us.sogeti.com/swilliams/2009/05/14/mvc-ndash-using-antiforgerytoken-over-ajax/
Be sure to add @Html.AntiForgeryToken() to your form; then you can use jQuery to pull that value. With the value you can then add it to the data attribute of your jQuery Ajax call.
var token = $('input[name=__RequestVerificationToken]').val(); // reads the hidden field rendered by @Html.AntiForgeryToken()
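The following is an added example, not code from either answer above, showing the client side of what the answer describes: read the hidden `__RequestVerificationToken` field that `@Html.AntiForgeryToken()` renders, merge it into the fields being posted, and build the POST the same way a normal form submission would. The route name and the stubbed form object are assumptions made for this illustration; the token field name is the one ASP.NET MVC emits.

```javascript
// Added example (not from the original answers): attach the ASP.NET MVC
// anti-forgery token to an AJAX POST so the server-side filter can check it.
// The fakeForm() stub and the route name in the usage comment are assumptions.

const TOKEN_FIELD = '__RequestVerificationToken'; // name of the hidden input @Html.AntiForgeryToken() renders

// Read the token from anything that exposes querySelector: document, a form element, or a test stub.
function readAntiForgeryToken(root) {
  const input = root.querySelector(`input[name="${TOKEN_FIELD}"]`);
  if (!input || !input.value) {
    throw new Error('anti-forgery token not found; did the view call @Html.AntiForgeryToken()?');
  }
  return input.value;
}

// Return a copy of the form fields with the token added, leaving the caller's object untouched.
function withAntiForgeryToken(fields, token) {
  return Object.assign({}, fields, { [TOKEN_FIELD]: token });
}

// URL-encode the fields like a regular form post, so the anti-forgery filter
// finds the token in the request body exactly where a non-AJAX form would put it.
function encodeForm(fields) {
  return Object.keys(fields)
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(fields[k])}`)
    .join('&');
}

// Build the options for fetch(); jQuery users pass withAntiForgeryToken(fields, token)
// as the `data` option of $.ajax instead, and jQuery does the encoding.
function buildPostOptions(root, fields) {
  const token = readAntiForgeryToken(root);
  return {
    method: 'POST',
    credentials: 'same-origin', // the anti-forgery cookie must accompany the request
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: encodeForm(withAntiForgeryToken(fields, token)),
  };
}

// Constructed stand-in for the rendered form so this file runs outside a browser.
function fakeForm(tokenValue) {
  return {
    querySelector(selector) {
      return selector.includes(TOKEN_FIELD) && tokenValue !== undefined ? { value: tokenValue } : null;
    },
  };
}

// Browser usage (constructed route name):
//   fetch('/Contact/Send', buildPostOptions(document, { email: 'user@example.com' }));
```

On the server the receiving action must carry `[ValidateAntiForgeryToken]` for the token to be checked at all; an AJAX request that does not come from the page the server rendered for this user, or that arrives without the matching cookie, is then rejected. The token proves the request originated from your own page; it does not by itself prove that other hidden fields were not edited in the browser, so the address the mail is sent to should still be validated or looked up on the server rather than trusted from the form.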