Reputation: 2673
How to make a PHP script called by XMLHttpRequest (ajax) secure.
I mean, not to let the PHP file work by direct URL, only when called by a script from my page (I don't want to show database results to users who are not logged in, and the called PHP script file includes database logins and functions).
I studied these and found them unusable:
Locking the file's folder with .htaccess or using mod_rewrite (does not work properly at all, and it is not recommended)
Header redirection does not work (I don't know exactly the URL or domain from which the script will be called)
<?php
// The two header checks from the question, made syntactically complete:
// reject the request unless the Referer matches the page and the
// X-Requested-With marker that XMLHttpRequest-style callers send is present.
// Both values are plain request headers supplied by the client.
$referer = $_SERVER['HTTP_REFERER'] ?? '';
$requestedWith = $_SERVER['HTTP_X_REQUESTED_WITH'] ?? '';

if ($referer !== 'http://xxxxxxx.com/index.php?' || $requestedWith !== 'XMLHttpRequest') {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
Upvotes: 1
Views: 286
Reputation: 365
What about using randomized tokens? See best practice to generate a random token for forgotten passwords, for example. You'll want to read up on lots of articles on SO though; there's much to consider when using tokens. (Especially looking at their security.)
Upvotes: 2
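One way to put the answer's token suggestion together with the question's actual goal (data only for logged-in users), as an added example that is not part of the question or the answer: the endpoint trusts the server-side session, not request headers, and additionally requires a per-session random token that only a page served to that session has seen. It assumes the login script already set $_SESSION['user_id'], a hypothetical config file ../config/db.php that returns a PDO, and a hypothetical items table.

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumes login.php already set $_SESSION['user_id'] after a successful login.
session_start();

// Issue one random token per session; the page that embeds the JS prints it,
// e.g. into a <meta> tag, and the client sends it back in a request header:
//   xhr.setRequestHeader('X-Ajax-Token', document.querySelector('meta[name=ajax-token]').content);
if (empty($_SESSION['ajax_token'])) {
    $_SESSION['ajax_token'] = bin2hex(random_bytes(32));   // 64 hex chars, CSPRNG-backed
}

function deny(int $status, string $msg): void
{
    http_response_code($status);
    header('Content-Type: application/json');
    echo json_encode(['error' => $msg]);
    exit;
}

// 1. Identity comes from the session cookie, which the browser attaches itself;
//    a direct URL visit by someone who never logged in has no user_id.
if (empty($_SESSION['user_id'])) {
    deny(401, 'login required');
}

// 2. The request must carry the token this session was given. hash_equals()
//    compares in constant time, so a wrong token leaks nothing about the right one.
$sent = $_SERVER['HTTP_X_AJAX_TOKEN'] ?? '';
if (!hash_equals($_SESSION['ajax_token'], $sent)) {
    deny(403, 'bad or missing token');
}

// 3. Database credentials live in a file outside the web root (hypothetical path),
//    so the endpoint itself contains no logins even if its source were exposed.
$db = require __DIR__ . '/../config/db.php';   // returns a PDO instance

// 4. Scope the query to the logged-in user with a prepared statement.
$stmt = $db->prepare('SELECT id, title FROM items WHERE owner_id = ?');
$stmt->execute([$_SESSION['user_id']]);

header('Content-Type: application/json');
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```

Checking the session first means the Referer and X-Requested-With headers from the question are no longer load-bearing: the token check stops other sites from driving the logged-in browser to the endpoint, and the session check stops anonymous direct requests.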