Reputation: 3346
I use AJAX to store, update and delete resources associated with the authenticated user. Routes for these actions use the web middleware, so cookies, session etc. are available. The project is based on the Laravel framework.
Is it necessary to protect those routes from unauthorized access in any additional way? I've read about API tokens that one could use, but I am not sure whether it is necessary.
I would be grateful for any insights on AJAX security or on how AJAX requests work in general, as it is a little over my head at the moment.
Upvotes: 3
Views: 3318
Reputation: 33058
I would say no additional work is necessary, assuming you have appropriate checks in place such as a user can't delete another user's entities, etc.
AJAX requests are really just like the user browsing to different pages, except it's JavaScript making requests on their behalf. Since everything is already behind the web middleware, there should be no need for additional authentication, since your users have technically already logged in.
Upvotes: 7
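The ownership check that answer assumes, written out as an added example in Laravel's routes file (this is not code from the answer or from Laravel itself); it assumes a hypothetical Note Eloquent model with a user_id column and a notes() hasMany relation on User.

```php
<?php
// routes/web.php  (constructed example, not code from the answers above)
// Assumes a hypothetical "Note" Eloquent model with a user_id column and a
// notes() relation on the User model.
// Everything in routes/web.php already runs through the "web" middleware
// group: session cookies are read, and VerifyCsrfToken rejects POST/PUT/
// DELETE requests that do not carry the session's CSRF token (for AJAX,
// send it in the X-CSRF-TOKEN header, taken from the csrf_token() meta tag).

use App\Models\Note;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// "auth" answers "who is calling?": anonymous requests never reach the
// closures below. It does NOT answer "may this user touch this record?".
Route::middleware('auth')->group(function () {

    // Create a note owned by the caller. Taking the owner from the session
    // user, never from the request body, stops a client from assigning the
    // note to someone else.
    Route::post('/notes', function (Request $request) {
        $data = $request->validate(['body' => 'required|string|max:2000']);
        $note = $request->user()->notes()->create($data);
        return response()->json($note, 201);
    });

    // Delete a note. Route-model binding loads the Note by id, so without
    // the ownership check any logged-in user could delete any note simply
    // by changing the id in the URL. That check is the "appropriate check"
    // the first answer refers to: it is authorization, not authentication.
    Route::delete('/notes/{note}', function (Request $request, Note $note) {
        abort_unless($note->user_id === $request->user()->id, 403);
        $note->delete();
        return response()->json(['deleted' => true]);
    });
});
```

The same ownership rule is usually moved into a Policy class and invoked with `$this->authorize('delete', $note)` once more than one route needs it.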
Reputation: 981
Look into JSON Web Tokens:
What is JSON Web Token?
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA.
and this article:
Authenticate users in Node using JWT and Laravel
Upvotes: 2