AJAX only access


Question

I have recently started to code heavily AJAX-supported scripts in PHP. The thing is, the files being accessed by the AJAX calls can be directly used too. How do I disable that?

Recommended answer

You cannot reliably prevent this from happening. The key really is not to consider someone accessing this file directly as a security issue - plan for this being possible and you will be in a much more secure place.

Some people might recommend code that looks like this (or similar):

if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) 
     && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
    // more code here
}

However, the fact of the matter is that HTTP headers can be spoofed quite easily and are not a means of securing code. In my testing on a busy site a while back I noticed that these headers are not actually that reliable anyway.
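
An added example, not part of the original answer: the header check from above next to a server-side authorization decision that stays correct whether or not the endpoint is requested directly. The session keys `user_id` and `csrf_token`, the function names, and the sample requests are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// The header check from the answer: true whenever the client sends the header.
function looks_like_ajax(array $server): bool
{
    return !empty($server['HTTP_X_REQUESTED_WITH'])
        && strtolower($server['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

// Server-side decision that does not depend on how the request was made.
// 'user_id' and 'csrf_token' are hypothetical session keys for this example.
function is_authorized(array $session, array $post): bool
{
    if (empty($session['user_id']) || empty($session['csrf_token'])) {
        return false; // no authenticated session
    }
    $sent = $post['csrf_token'] ?? '';
    // Constant-time comparison against the token bound to the session.
    return is_string($sent) && hash_equals($session['csrf_token'], $sent);
}

// Constructed sample requests (not captured traffic):
// each case is [$_SERVER subset, $_SESSION, $_POST].
$token = bin2hex(random_bytes(16));
$cases = [
    'browser XHR, logged in' => [
        ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
        ['user_id' => 42, 'csrf_token' => $token],
        ['csrf_token' => $token],
    ],
    'direct request, header set by hand, no session' => [
        ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
        [],
        [],
    ],
    'logged in, header missing from the request' => [
        [],
        ['user_id' => 42, 'csrf_token' => $token],
        ['csrf_token' => $token],
    ],
];

foreach ($cases as $label => [$server, $session, $post]) {
    printf("%-48s header=%-5s authorized=%s\n", $label,
        var_export(looks_like_ajax($server), true),
        var_export(is_authorized($session, $post), true));
}
```

The second case passes the header check but is refused by the session check, and the third is the reverse: the header disagrees with the real authorization state in both directions.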
