Ajax请求大家不开 [英] Ajax requests not open to everyone

问题描述

我创建使用codeIgniter web应用程序。还有，我在应用中使用AJAX的几个地方。

I've created a webapp using CodeIgniter. There are several places where I use ajax in the application.

我想知道是否有一种方法，我可以站直达和查询到Ajax控制器，只允许合法的Ajax请求的页面发起进行处理。

I want to know if there is a way where I can stop direct access and query to the ajax controller and only allow legitimate ajax requests originating from the page to be processed.

感谢。

推荐答案

是的，你可以做到这一点没有问题。在codeIgniter输入类有一个叫做is_ajax_request（）的方法。只需在控制器动作的开始检查这一点。例如：

Yes you can do this without a problem. The CodeIgniter input class has a method called is_ajax_request(). Simply check for this at the start of your controller action. For example:

function ajax_save() {
    if ($this->input->is_ajax_request()) {
        //continue on as per usual
    } else {
        show_error("No direct access allowed");
        //or redirect to wherever you would like
    }
}

如果您有完全指定的Ajax调用控制器，你可以把if语句到构造函数__construct（）为控制器。记得调用父:: __构造函数（）第一次，但！

If you have controllers that are designated completely for ajax calls, you can put that if statement into the constructor function __construct() for the controller. Remember to call parent::__constructor() first though!

编辑：至于源于该页面，则可能应该在你的Ajax请求做认证+安全检查（有可能是通过会话，这样你就不能访问数据库）。因此，不属于你的web应用流氓用户不应该能够发送一个Ajax请求手动反正。希望这回答了你的问题。

As for "originating from the page", you should probably be doing authentication + security checks (likely via session so that you don't hit the database) on your ajax request. So a rogue user not affiliated with your webapp shouldn't be able to send an ajax request manually anyways. Hope this answers your question.

这篇关于Ajax请求大家不开的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！