I have recently started to code heavily AJAX-supported scripts in PHP. Thing is, the files being accessed by the AJAX calls can be directly used too; how do I disable that?
AJAX cannot work independently. It is used in combination with other technologies to create interactive webpages.
AJAX stands for Asynchronous JavaScript And XML. In a nutshell, it is the use of the XMLHttpRequest object to communicate with servers. It can send and receive information in various formats, including JSON, XML, HTML, and text files.
AJAX = Asynchronous JavaScript And XML. AJAX is not a programming language. AJAX just uses a combination of a browser built-in XMLHttpRequest object (to request data from a web server) and JavaScript and the HTML DOM (to display or use the data).
Approach 1: In this approach, we will use the XMLHttpRequest object to make an Ajax call. The XMLHttpRequest() constructor creates an XMLHttpRequest object, which is used to make requests to the server. Syntax: var xhttp = new XMLHttpRequest();
You cannot reliably prevent this from happening. The key really is not to consider someone accessing this file directly as a security issue - plan for this being possible and you will be in a much more secure place.
Some people might recommend code that looks like this (or similar):
    if (!empty($_SERVER['HTTP_X_REQUESTED_WITH'])
        && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
        // more code here
    }
However, the fact of the matter is that HTTP headers can be spoofed quite easily and are not a means of securing code. In my testing on a busy site a while back, I noticed that these headers are not actually that reliable anyway.
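An endpoint written on the assumption that it will be requested directly, as an added example that is not part of the original answer: access is decided by the server-side session and a per-session token, and X-Requested-With is read only as a hint. The session keys `user_id` and `csrf_token`, the `X-CSRF-Token` header, and the `item_id` field are hypothetical names, and the login code is assumed to have stored the token with `bin2hex(random_bytes(32))`.

```php
<?php
declare(strict_types=1);

// Added example. user_id, csrf_token, X-CSRF-Token and item_id are
// hypothetical names chosen for illustration.
session_start();

function reject(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $message]);
    exit;
}

// 1. Authentication comes from the server-side session, so it holds
//    whether the request came from XMLHttpRequest, curl or the address bar.
if (empty($_SESSION['user_id'])) {
    reject(401, 'Not logged in');
}

// 2. This endpoint changes state, so only POST is accepted.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    header('Allow: POST');
    reject(405, 'POST required');
}

// 3. The per-session token proves the request was built by a page we served.
//    hash_equals() compares in constant time.
$expected = $_SESSION['csrf_token'] ?? '';
$sent     = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (!is_string($expected) || $expected === '' || !hash_equals($expected, (string) $sent)) {
    reject(403, 'Invalid token');
}

// 4. Input is validated exactly as for any other request.
$itemId = filter_input(INPUT_POST, 'item_id', FILTER_VALIDATE_INT);
if ($itemId === null || $itemId === false) {
    reject(400, 'item_id must be an integer');
}

// 5. X-Requested-With is client-controlled: usable as a hint for choosing
//    a response format, never as an access decision.
$ajaxHint = strtolower($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';

header('Content-Type: application/json');
echo json_encode(['ok' => true, 'item_id' => $itemId, 'ajax_hint' => $ajaxHint]);
```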