PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




Posted: Tue Oct 09, 2012 3:34 am
Forum Commoner

Joined: Wed Jan 07, 2009 1:43 am
Posts: 66
Hi Guys

I wonder, is there any usage or security reason to check whether the page is called by AJAX or not, and if not, drop the request?

You are welcome to give another example of this checking purpose.


 
Posted: Tue Oct 09, 2012 5:21 am
Spammer :|

Joined: Wed Oct 15, 2008 2:35 am
Posts: 6617
Location: WA, USA
It's impossible to tell the difference between an AJAX request and someone forging the request themselves.


 
Posted: Tue Oct 09, 2012 1:29 pm
Forum Contributor

Joined: Thu May 11, 2006 8:58 pm
Posts: 305
Location: Utah, USA
Most JavaScript Ajax libs like jQuery and Prototype use the non-standard header HTTP_X_REQUESTED_WITH, which you can test like `if (strtolower(@$_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')`, but as requinix says, anybody can send any request headers they want, so HTTP_X_REQUESTED_WITH cannot be relied upon for security.

If you need to add security to a REST/SOAP API (which may not apply to your case), you probably need to assign API keys and passwords.
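
The point made in the two replies above, as an added example that is not part of the original posts: the `X-Requested-With` test is treated as a formatting hint only, while the access decision rests on a per-client API key. The `X-Api-Key` header name, the `reporting-app` client id, the key value and the sample requests are all assumptions constructed for illustration.

```php
<?php
// Added example: every name and sample value below is constructed for illustration.

// Hint only: true for ANY client that sends the header, browser or script.
// Use it to choose a response format (JSON vs. HTML), never to grant access.
function looks_like_ajax(array $server): bool
{
    return strtolower($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'xmlhttprequest';
}

// Access decision: hash the presented key and compare it to stored hashes.
// X-Api-Key is an assumed header name; $keyHashes maps client id => sha256(key).
function authorized_client(array $server, array $keyHashes): ?string
{
    $presented = $server['HTTP_X_API_KEY'] ?? '';
    if ($presented === '') {
        return null;
    }
    $digest = hash('sha256', $presented);
    $match = null;
    foreach ($keyHashes as $clientId => $stored) {
        // hash_equals() compares in constant time; the loop always runs to the end.
        if (hash_equals($stored, $digest)) {
            $match = $clientId;
        }
    }
    return $match;
}

// Server-side key store (constructed): only the hash of the key is kept.
$keyHashes = ['reporting-app' => hash('sha256', 'constructed-demo-key-1234')];

// Constructed $_SERVER-style inputs covering the cases discussed in the thread.
$requests = [
    'browser XHR, no key'    => ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
    'scripted client, no key' => ['HTTP_X_REQUESTED_WITH' => 'xmlhttprequest'],
    'plain form post, no key' => [],
    'API client, valid key'  => ['HTTP_X_API_KEY' => 'constructed-demo-key-1234'],
    'XHR header, wrong key'  => ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest',
                                 'HTTP_X_API_KEY' => 'not-the-key'],
];

foreach ($requests as $label => $server) {
    $client = authorized_client($server, $keyHashes);
    printf("%-26s ajax_hint=%-5s decision=%s\n", $label,
        var_export(looks_like_ajax($server), true),
        $client !== null ? "200 for $client" : '401');
}
```

The first two requests are indistinguishable to `looks_like_ajax()`, which is why only the key check feeds the 200/401 decision.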

