Is ajax call coming from my site, and Zend F
Question
I have a url (controller/action) which I access with ajax.
Being ajax, anyone could copy the javascript to their own site and access the same url without going through my site at all. (correct me if I'm wrong)
So my question, how do I know for certain that the call originated from my site and not from an external source.
To clarify, I use Zend Framework and have activated context switch json for this action. So answers specific to Zend are welcome in case Zend has special handling for this.
2 answers
solution1
0 2010-12-26 22:04:47
如果ZF没有特殊处理(我不这么认为),则可以在将js输出到浏览器时将哈希发送到javascript,将其与ajax调用一起发送回哈希并测试它的hased值对于每个请求应该是随机的(并存储在会话中以供以后测试)。
solution2
0 2011-03-13 22:14:43
I think you can use $_SERVER['HTTP_REFERER'] to see which address the request is coming from Check this post as well you can also use $this->getRequest()->isXmlHttpRequest(); to see if the request is an ahax request. Hope it is helpful to you.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.