php - AJAX only access

Question

Welcome To Ask or Share your Answers For Others

php - AJAX only access

asked Oct 17, 2021 in Technique[技术] by 深蓝 (71.8m points)

I have recently started to code heavily AJAX supported scripts in PHP, thing is, the files being accessed by the AJAX calls can be directly used too, how to disable that?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

236 views

1 Answer

深蓝 · Answer 1 · 2021-10-17T00:04:17+0000

You cannot reliably prevent this from happening. The key really is not to consider someone accessing this file directly as a security issue - plan for this being possible and you will be in a much more secure place.

Some people might recommend code that looks like this (or similar):

if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) 
     && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    // more code here
}

However, the fact of the matter is that HTTP headers can be spoofed quite easily and are not a means of securing code. In my testing on a busy site a while back i noticed that these headers are not actually that reliable anyway.

Categories

php - AJAX only access

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags