Ajax请求大家不开 [英] Ajax requests not open to everyone
问题描述
我创建使用codeIgniter web应用程序。还有,我在应用中使用AJAX的几个地方。
I've created a webapp using CodeIgniter. There are several places where I use ajax in the application.
我想知道是否有一种方法,我可以站直达和查询到Ajax控制器,只允许合法的Ajax请求的页面发起进行处理。
I want to know if there is a way where I can stop direct access and query to the ajax controller and only allow legitimate ajax requests originating from the page to be processed.
感谢。
推荐答案
是的,你可以做到这一点没有问题。在codeIgniter输入类有一个叫做is_ajax_request()的方法。只需在控制器动作的开始检查这一点。例如:
Yes you can do this without a problem. The CodeIgniter input class has a method called is_ajax_request(). Simply check for this at the start of your controller action. For example:
function ajax_save() {
if ($this->input->is_ajax_request()) {
//continue on as per usual
} else {
show_error("No direct access allowed");
//or redirect to wherever you would like
}
}
如果您有完全指定的Ajax调用控制器,你可以把if语句到构造函数__construct()
为控制器。记得调用父:: __构造函数()第一次,但!
If you have controllers that are designated completely for ajax calls, you can put that if statement into the constructor function __construct()
for the controller. Remember to call parent::__constructor() first though!
编辑:至于源于该页面,则可能应该在你的Ajax请求做认证+安全检查(有可能是通过会话,这样你就不能访问数据库)。因此,不属于你的web应用流氓用户不应该能够发送一个Ajax请求手动反正。希望这回答了你的问题。
As for "originating from the page", you should probably be doing authentication + security checks (likely via session so that you don't hit the database) on your ajax request. So a rogue user not affiliated with your webapp shouldn't be able to send an ajax request manually anyways. Hope this answers your question.
这篇关于Ajax请求大家不开的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!