Hi Guys
I wonder, is there any usage or security reason to check whether the page is called by Ajax or not, and if not, drop the request?
You are welcome to give another example of this checking purpose.
Checking page is call by Ajax
Re: Checking page is call by Ajax
It's impossible to tell the difference between an AJAX request and someone forging the request themselves.
Re: Checking page is call by Ajax
Most JavaScript Ajax libs like jQuery and Prototype use the non-standard header HTTP_X_REQUESTED_WITH, which you can test like `if (strtolower(@$_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')`, but as requinix says, anybody can send any request headers they want, so HTTP_X_REQUESTED_WITH cannot be relied upon for security.
If you need to add security to a REST/SOAP API (which may not apply to your case), you probably need to assign API keys and passwords.
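The point made in the replies above, as an added example that is not part of the original thread: the X-Requested-With check only selects a response format, while access depends on an API key compared with `hash_equals`. The header names `X-Api-Client` and `X-Api-Key`, the key store and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical key store (constructed): client id => SHA-256 of the issued key.
// A real deployment would read this from a database or secrets manager.
function apiKeyHashes(): array
{
    return ['demo-client' => hash('sha256', 'constructed-demo-key-not-a-real-secret')];
}

// Presentation hint only: the client controls this header, so it must never
// gate access. It is fine for choosing JSON versus a full HTML page.
function looksLikeAjax(array $server): bool
{
    return strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';
}

// Authorization decision: based on a secret the caller must present.
// Assumed header names: X-Api-Client and X-Api-Key.
function isAuthorized(array $server): bool
{
    $client = $server['HTTP_X_API_CLIENT'] ?? '';
    $key    = $server['HTTP_X_API_KEY'] ?? '';
    $known  = apiKeyHashes()[$client] ?? null;
    if ($known === null || $key === '') {
        return false;
    }
    // hash_equals compares in constant time, so timing does not reveal
    // how much of the value matched.
    return hash_equals($known, hash('sha256', $key));
}

// Returns [HTTP status, response format or error label].
function handle(array $server): array
{
    if (!isAuthorized($server)) {
        return [401, 'unauthorized'];
    }
    return [200, looksLikeAjax($server) ? 'json' : 'html'];
}

// Constructed requests, shaped like $_SERVER entries.
$headerOnly = ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest']; // Ajax header, no credentials
$withKey    = ['HTTP_X_API_CLIENT' => 'demo-client',         // credentials, no Ajax header
               'HTTP_X_API_KEY'    => 'constructed-demo-key-not-a-real-secret'];

var_dump(handle($headerOnly));
var_dump(handle($withKey));
```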