How can i prevent .txt file from being viewed directly?
Question
I have this Javascript code which will search into a .txt file called codes.txt
$.get('codes.txt', function (contents) { if (contents.includes($('#code').val())) { validForm =true; } else { alert("Sorry!! That is not a valid code. Try again! Or email admin@apsoccer.hk"); return false; } });
I want .htaccess, permissions or any trick to make it used only by my server and not viewed directly like http://mysite/codes.txt
How can i do that?
2 answers
solution1
3 2017-07-03 13:01:36
edit your .htaccess in order to accept reading file if accessed from AJAX only.
<Files "code.txt">
SetEnvIfNoCase X-Requested-With XMLHttpRequest ajax
Order Deny,Allow
Deny from all
Allow from env=ajax
</Files>
solution2
1 2017-07-03 13:29:54
store codes.txt outside of the public directory (or use .htaccess to deny public access to it) and then use $.get to hit a server-sided script which returns the contents of the text file instead of hitting the text file itself. You could then add security to the server-sided script. (user permissions, CSRF protection etc.)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.