AJAX only access

by

You cannot reliably prevent this from happening. The key really is not to consider someone accessing this file directly as a security issue – plan for this being possible and you will be in a much more secure place.

Some people might recommend code that looks like this (or similar):

if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) 
     && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    // more code here
}

However, the fact of the matter is that HTTP headers can be spoofed quite easily and are not a means of securing code. In my testing on a busy site a while back i noticed that these headers are not actually that reliable anyway.

More Related Contents:

  1. How to inject javascript code that uses php variables into php page
  2. How do I run ajax request in background continuously?
  3. AJAX request callback using jQuery
  4. Ajax Upload image
  5. how to do file upload using jquery serialization
  6. How to get the jQuery $.ajax error response text?
  7. Send array with Ajax to PHP script
  8. Get response from PHP file using AJAX
  9. PHP/Apache/AJAX – POST limit?
  10. Jquery/Ajax Form Submission (enctype=”multipart/form-data” ). Why does ‘contentType:False’ cause undefined index in PHP?
  11. HTML – Change\Update page contents without refreshing\reloading the page
  12. Ajax passing data to php script
  13. jQuery AJAX form using mail() PHP script sends email, but POST data from HTML form is undefined
  14. Passing Javascript Variable to PHP using Ajax
  15. Ajax post request in laravel 5 return error 500 (Internal Server Error)
  16. Inserting into MySQL from PHP (jQuery/AJAX)
  17. Retrieve JSON POST data in CodeIgniter
  18. Jquery – Uncaught TypeError: Cannot use ‘in’ operator to search for ‘324’ in
  19. Pass data from jQuery to PHP for an ajax post
  20. Jquery ajax setTimeout after form succes not redirecting?
  21. Ajax call with contentType: ‘application/json’ not working
  22. jQuery Ajax passing value on php same page
  23. How to rotate image and save the image
  24. Cross Domain Ajax Request with JQuery/PHP
  25. When do I use PHP_EOL instead of \n and vice-versa ? Ajax/Jquery client problem
  26. Codeigniter CSRF valid for only one time ajax request
  27. Ajaxify header cart items count in Woocommerce
  28. boolean variables posted through AJAX being treated as strings in server side
  29. json_encode not working with a html string as value
  30. How to implement a chat room using Jquery/PHP?

Leave a Comment