How can we add security in ajax get request in laravel 5?

Question

I need to add security for ajax get method in Laravel 5. For POST, PUT and DELETE Laravel token is good. But How can I add security in ajax get request.

Security

If an hacker try to access an ajax page directly form another domain. I need to check the domain name and restrict.

I have added middleware but I am not sure Is this the correct way?

<?php

namespace App\Http\Middleware;

use Closure;

class AjaxMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if ((!$request->ajax()) || ($request->url() != url()->current())){
            return response('Forbidden.', 403);
        }
        return $next($request);
    }
}

score 0 · Answer 1 · edited May 23 '17 at 11:45

0

Isn't that what CORS suppose to block? Check this out: Understanding AJAX CORS and security considerations

You don't have to put any extra layer of protection if you are afraid that someone from a different website might do ajax calls to your website. They will be blocked by browser, by default.

edited May 23 '17 at 11:45

Community

1
1

answered Mar 17 '16 at 13:09

neochief

569
4
6

score 0 · Answer 2 · answered Jun 25 '19 at 08:19

0

Just use the same CSFR technique for the GET requests, to verify the request comes from a valid session.

answered Jun 25 '19 at 08:19

Eduardo Chongkan

752
7
12

How can we add security in ajax get request in laravel 5?

2 Answers2