Reputation: 521
Is there any way of blocking direct access to .php files in my ctrl foler, but allowing http requests from an Angular app? I have a .htaccess with 'Deny from all' in the ctrl folder at the moment which blocks access but it also blocks the Angular calls.
I imagine there isn't a way, but I'm not a whizz at PHP so I wanted to ask.
AngularJS
$http({
method: 'POST',
url: '/ctrl/login/login.php',
headers: {'Content-Type': 'application/x-www-form-urlencoded'},
data: credentials
})
Upvotes: 1
Views: 153
Reputation: 1568
I don't believe there is. In fact, an http request to these .php files from an angular app is nothing more than 'a direct access to .php files'. If the angular app (which lives client-side) could do the request, the client itself could do the request as well.
Upvotes: 1