我希望有一个使用AJAX来访问 ./ AJAX / file.ajax.php
I wish to have a webpage that uses AJAX to access a PHP file in ./ajax/file.ajax.php
但问题是,我不希望人们能够在浏览器输入地址直接访问PHP文件。
Trouble is, I don't want people to be able to type the address in their browser to access that PHP file directly.
有没有一种方法,我可以让这个只有AJAX请求可以访问文件?
Is there a way I can make it so that only AJAX requests can access the file?
有什么我可以在PHP文件检查实现这一目标?
Is there something I can check for in the PHP file to achieve this?
推荐答案
如果您正在使用jQuery做XHR,它将设置自定义标题 X-要求 - 以
。您可以检查这一点,决定如何满足你的回应。
If you're using jQuery to make the XHR, it will set a custom header X-Requested-With
. You can check for that and determine how to serve your response.
$isXhr = isset($_SERVER["HTTP_X_REQUESTED_WITH"])
AND strotlower($_SERVER["HTTP_X_REQUESTED_WITH"]) == "xmlhttprequest";
不过,这是微不足道的恶搞。在过去,我用这个来决定是否呈现一整页(如果未设置)或页面片段(如果设置,将注入到当前页面)。
However, this is trivial to spoof. In the past, I've used this to decide whether to render a whole page (if not set) or a page fragment (if set, to be injected into current page).
相关推荐
最新文章