我继续读，为了使Ajax请求的安全，我需要确保跨站点请求都被禁止。在服务器端，究竟如何做才能禁用跨站点请求，或者检查它们是否禁用/启用？

I keep reading that to make ajax requests safe, I need to make sure that cross-site requests are disabled. On the server side, how exactly do I disable cross-site requests, or check if they are disabled/enabled?

推荐答案

跨站请求被禁用默认情况下.. 供参考：看看同源策略： http://en.wikipedia.org/wiki/Same_origin_policy

Cross site requests are disabled by default.. fyi : take a look at same origin policy : http://en.wikipedia.org/wiki/Same_origin_policy