jblue
Reputation: 4450
making action for ajax only, and blocking direct url visit
I have an action that's meant to be accessed only through ajax. How can I make it give blank output when someone visits the url directly as http://site.com/controller/action? Is there a way that Zend can tell if it's an ajax call or direct url visit?
Edit: I found out about Zend's $this->getRequest()->isXmlHttpRequest(), but I wonder if this can be trusted enough?
Upvotes: 1
Views: 513
Answers (2)
GordonM
Reputation: 31740
There's no way of reliably telling an AJAX request and any other kind of request apart, so no you can't block non-AJAX access.
Upvotes: 4
fabrik
Reputation: 14365
If you're using jQuery, you can check it like:
if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
return die('No direct access allowed.');
}
Upvotes: 1
Related Questions
- How to avoid user navigate to ajax url in laravel 5.8?
- How to implement Zend routing with Ajax
- Ensure PHP page can only be called via AJAX from my page
- Prevent direct access to a PHP page
- Preventing zend controller/ajax from refreshing the page
- Redirect from an action method to a php file and disable the checking of url by zend
- How to declare the url in a jQuery ajax request to execute an action from a zend controller?
- Prevent direct access to an action controller
- Module only to process Ajax requests
- Prevent entire php execution on ajax request