Misha Moroshko
Reputation: 171429
How to prevent access via URL to controller's method in Rails 3?
I would like add Javascript/jQuery code to my Rails 3 application that will get data from the server and update the page accordingly.
I thought to use jQuery's $.get() method:
$.get("/get_data_about_page?page=5", function(data) {
alert("Returned data: [" + data + "]");
});
However, I don't want users to access get_data_about_page via URL.
How could I disable such access ?
Upvotes: 1
Views: 272
Answers (1)
Stephen
Reputation: 3432
Realistically you can't stop someone from scraping it if they're determined...
You could set a variable in the session when the main page is loaded and then protect the AJAX action so that it only responds if the session variable is set - this would prevent naive use of the URL but it's not foolproof.
Upvotes: 2
Related Questions
- How to call controller's method in jQuery/ajax url in rails?
- JSON to be accessed only by AJAX
- Rails - How to prevent direct URL access to a method
- Disable Rails Form Request
- protect_from_forgery & Unobtrusive Javascript
- Rails 3, how to prevent ajax remote calls (jquery) with a link_to and :remote => true with JS
- Rails 3: How to prevent users to change the database by typing a URL?
- Preventing direct URL access to Rails Controller Methods
- Prevent Rails app from responding to unintended AJAX request from jQuery
- Securing an AJAX API to prevent other sites from taking advantage of it