Chris Wickham
Chris Wickham

Reputation: 521

Block direct access to .php but allow AngularJS $http requests

Is there any way of blocking direct access to .php files in my ctrl foler, but allowing http requests from an Angular app? I have a .htaccess with 'Deny from all' in the ctrl folder at the moment which blocks access but it also blocks the Angular calls.

I imagine there isn't a way, but I'm not a whizz at PHP so I wanted to ask.

AngularJS

$http({
    method: 'POST',
    url: '/ctrl/login/login.php',
    headers: {'Content-Type': 'application/x-www-form-urlencoded'},
    data: credentials
})

Upvotes: 1

Views: 153

Answers (1)

user125661
user125661

Reputation: 1568

I don't believe there is. In fact, an http request to these .php files from an angular app is nothing more than 'a direct access to .php files'. If the angular app (which lives client-side) could do the request, the client itself could do the request as well.

Upvotes: 1

Related Questions