Disallowing AJAX as a security feature
I have a page that relys on several AJAX functions. Are there any common security configurations that disallo开发者_如何学Cw AJAX?
You can turn off javascript. That will remove the J from the equation.
See:
Is it possible to disable AJAX without disabling JavaScript completely?
In configurations where Javascript is disabled on the client you need to have a fallback that will work without AJAX.
Not any very common configurations I'm aware of.
NoScript users, and users who disable JavaScript more broadly, are probably your largest group.
Some more paranoid large corporates might disable JavaScript by default in IE using Group Policy, but it's not common (and decreasingly so).
Some of the newer security products (including smarter web proxies and desktop AV products) will attempt deeper inspection of the content passing over them, including trying to look for malice in JavaScript; if you upset one of these, it might fail in strange ways. But again, should be fine in the vast majority of cases.
精彩评论