4

Given the following jQuery code that makes an ajax call:

```javascript
$.ajax({
  url: "test.html",
  context: document.body
}).done(function() {
  $( this ).addClass( "done" );
});
```

The problem I have is that the user could manually enter test.html on the URL and see the response on the screen. How to avoid that?

Shadow The GPT Wizard
ps0604
  • Possible duplicate of [this](http://stackoverflow.com/questions/8437747/how-to-hide-details-in-jquery-ajax-from-browser-page-source) – sandeep s Nov 29 '15 at 07:02
  • Possible duplicate of [Allow access to PHP file only through ajax on local server](http://stackoverflow.com/questions/15436948/allow-access-to-php-file-only-through-ajax-on-local-server) – But those new buttons though.. Nov 29 '15 at 08:02
  • First of all, you must have some server side language in order to control those things. If you have PHP, the post suggested by @bill is indeed a duplicate. Otherwise, tell what language you do have, and someone might guide you how to adapt the code for that language. – Shadow The GPT Wizard Nov 29 '15 at 10:03
  • I use Scala on the server side – ps0604 Nov 29 '15 at 15:18

3 Answers

3

Try adding some kind of authorization in the HTTP header. Use the Ajax beforeSend setting. Then authenticate the header with PHP or any other server side language.

Ryan Boyd
3

One way you can do this is to create a variable for it in some other script or location so the user will only see the variable name.

Also send your request through the POST method and make your server's Ajax response page respond to POST requests only (say, using some server-side language like PHP, ASP.NET or JSP). This way, even if the user finds out the path of the URL, they will not be able to view its contents.

Ajay Chaudhary
0

No, you can't. AJAX calls are basically just HTTP calls and can be accessed with direct browsing.

S.Galarneau
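The header check and the POST-only rule proposed in the answers above, combined into one server-side gate; this is an added example, not code from the thread, and it shows the logic in JavaScript although the asker's server is Scala. The `gate`, `handler` and `demo` functions, the `Authorization: Bearer` scheme, the token value and the sample requests are all assumptions constructed for illustration.

```javascript
// Constructed server-side session store (token -> user). Real tokens are
// issued at login and must be unpredictable; this value is a placeholder.
const SESSIONS = new Map([["tok-constructed-123", "alice"]]);

// Browser side, shown as a comment because it needs jQuery and a page:
//   $.ajax({ url: "test.html", method: "POST",
//     beforeSend: function (xhr) {
//       xhr.setRequestHeader("Authorization", "Bearer " + token);
//     } });

// Decide the response for the AJAX-only resource. `req` has the shape of
// Node's http.IncomingMessage: a method and lower-cased header names.
function gate(req) {
  // POST only: typing the URL into the address bar always issues a GET.
  if (req.method !== "POST") return { status: 405, body: "Method Not Allowed" };
  // Require the header that the page attaches in beforeSend.
  const match = /^Bearer (\S+)$/.exec(req.headers["authorization"] || "");
  if (!match) return { status: 401, body: "Missing token" };
  // The header is only worth something if its value is checked against
  // server-side state; a fixed or guessable value can be copied by anyone.
  const user = SESSIONS.get(match[1]);
  if (!user) return { status: 403, body: "Unknown token" };
  return { status: 200, body: "fragment for " + user };
}

// Adapter with the (req, res) signature expected by http.createServer.
function handler(req, res) {
  const out = gate(req);
  res.writeHead(out.status, { "Content-Type": "text/plain" });
  res.end(out.body);
}

// Constructed requests covering the cases raised in the thread.
const SAMPLES = {
  addressBar: { method: "GET", headers: { accept: "text/html" } },
  ajaxWithToken: { method: "POST", headers: { authorization: "Bearer tok-constructed-123" } },
  postNoHeader: { method: "POST", headers: {} },
  postGuessedToken: { method: "POST", headers: { authorization: "Bearer guess" } },
};

function demo() {
  const result = {};
  for (const [name, req] of Object.entries(SAMPLES)) result[name] = gate(req).status;
  return result;
}

console.log(demo());
```

Any HTTP client that presents a valid token receives the same 200 as the browser, so the gate controls who may read the resource, not which program fetches it.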