Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Detect a fetch request in PHP

Tags:

php

fetch-api

How can I detect requests from the Fetch API in PHP? I am currently using the approach below to detect an AJAX request:

$context['isAJAX'] = (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest');

Ideally I could detect Fetch requests in a similar manner. Does anyone have any techniques to accomplish this?

like image 529
Mike Wagz Avatar asked Dec 18 '22 07:12

Mike Wagz

1 Answers

There’s no reliable way to distinguish a request made using the Fetch API from one made using XHR or from some AJAX library. The Fetch API doesn’t cause any unique headers to be sent.

If you just want to detect if a request probably came from frontend code running in a browser, you can by checking for the Origin header. Browsers add the Origin header to all cross-origin GETs. So if a GET request was made same-origin from a browser, it won’t have Origin.

And browsers send Origin for same-origin POSTs, not just cross-origin POSTs.

And browsers send Origin for XHR requests too, not just requests from the Fetch API.

So there’s no reliable way to detect on the server side if a request was made with the Fetch API.

Incidentally, if you’re checking for the X-Requested-With request header, all that’ll tell you is, the request was probably made with a common 3rd-party AJAX library instead of directly with XHR or the Fetch API. That’s because X-Requested-With isn’t a standard (that’s why its name starts with X-) and is never sent natively by browsers themselves but is by major libraries.

So I guess if you don’t see the X-Requested-With request header, at least you know that the request probably wasn’t from code using any of the AJAX methods in any of the major libraries, though that just means it also could’ve been sent from curl or something instead of a browser.

And if you see the Origin request header but not the X-Requested-With request then at least you know the request was probably sent from a browser but not using a major library—though there’s some possibility it still could have been sent with curl or whatever, if somebody manually added an Origin header to the request.

like image 165
sideshowbarker Avatar answered Jan 02 '23 21:01

sideshowbarker
Sign in to Comment

Related questions

Formating phone number according to the E164 format
PHP how to dynamically instantiate a class
how to convert weird text into specific word
Valet: 502 bad gateway when running test.dev on a mac, laravel, php install
PHP/HTML how to get filename from form?
Laravel 5.4 migration ENUM fails in MySQL
Fatal error: Uncaught Error: Call to undefined function - have to use $this
how to mock global functions and classes used by another class
How to call php function from another file?
mPDF: how to remove setHeader() & setFooter() borders
Override Doctrine2 types in Symfony3
Incredibly slow cache:clear of symfony in dev environment
remove image and its container if image is broken
How to make li class active dynamically in laravel?
Add lists() method in Query Builder in Laravel 5.4
Get the 0-value timestamp date with Carbon
PHPUnit deprecation warning fails test
Remove parent array from multidimensional array in php
Why does ctype_space in PHP return "true" for some numeric values?
Laravel update only single row

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!