31

How do I check if the request is an AJAX request? I am using CodeIgniter. I have a link that, when clicked, opens a pop-up dialog window. This is done through AJAX; it sends a request to a controller named login_window().

CodeIgniter

//Here is the controller name:
function login_window(){
    // request via ajax
    $this->load->view("login_window");
}

jQuery

//here is the jquery code:
//I am using a jquery plugin FACEBOX

$('a[rel*=dialog]').facebox();

<a href="http://localhost/codeigniter/login_window" rel="dialog">Login</a>

I want to check if it is an AJAX request and, if not, I will redirect them to the homepage, so there's no way they can access the page that is intended only for AJAX requests.

kenorb
jameserie

7 Answers

79

If you are using a library that sends the X-Requested-With header, then you can do...

if (strtolower(filter_input(INPUT_SERVER, 'HTTP_X_REQUESTED_WITH')) === 'xmlhttprequest') {
   // I'm AJAX!
}
Saa
alex
  • 4
    @prodigitalson Just style, and I use the Kohana framework a lot, which [encourages it](http://kohanaframework.org/guide/about.conventions#highlighter_594231) (plus I think it reads nicer too). – alex Nov 29 '10 at 06:12
  • There is an abundance of closing parens :) – Ivan Ivanic Nov 29 '12 at 18:38
  • 1
    please stop using AND/OR instead of &&/||, they are not the same! check out this question for more details http://stackoverflow.com/q/2803321/77850 – misterjinx Apr 07 '14 at 18:28
  • 2
    Kohana framework goes against PSR standards (they use snake_case, Allman style, etc ...), do **NOT** apply any of their conventions somewhere else ! – Kalzem Apr 07 '14 at 21:24
  • @misterjinx No one said they're the same, if you understand the differences between their precedence, you won't get tripped up. – alex Apr 07 '14 at 23:11
  • 3
    @alex you know they are not the same, I know they are not the same, but if someone else finds your code and doesn't know the difference, they will take it as it is, thinking it is the same thing. Please don't do that anymore, especially if you know it's wrong. – misterjinx Apr 08 '14 at 09:10
  • 1
    @misterjinx It's not *wrong* per se, it's just a different style, with some precedence differences. If someone makes assumptions about two different operators, am I to blame? Anyway I removed it and used a suggested edit. – alex Jan 20 '15 at 23:20
  • Why did you remove the `isset()` function in the condition? – Shafizadeh Aug 07 '15 at 14:53
  • @Sajad Because the code changed to stop using an array lookup – alex Aug 09 '15 at 11:17
  • This answer is missing the strtolower since last edit. Should have some case insensitive compare. – Saa Sep 14 '15 at 15:17
16

As of Codeigniter 2.0 it is preferred to use $this->input->is_ajax_request()

Dan F.
3

In Codeigniter we can use

if(!$this->input->is_ajax_request()){ // check if request comes from an ajax
    redirect(site_url('home'),'refresh'); // if the request is not coming from an ajax redirect to home controller.
}
aish
3

I think you are basically looking to protect your ajax api's from being accessed directly by the users. You want users to be able to access ajax api's when invoked by your own code (javascript etc) but users should be denied access if they try to directly hit the api.

If you are still looking for a perfect solution (HTTP_X_REQUESTED_WITH is not always reliable, since your library might not support this. It might even get stripped off by proxies if the user is behind one), try to use crumbs to protect your ajax api's. Crumbs are used for flow validation, which makes sure that users access the api's via a pre-defined/pre-decided flow and not directly.

Abhinav Singh
  • There's also the idea of having a graceful fallback to ajax if javascript is turned off or happens to be broken at the moment by another script. Those requests might need to return html instead of whatever the ajax request expects. – Syntax Error Apr 19 '14 at 17:31
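
The crumb idea from the answer above, as an added PHP example that is not part of the original answers: a crumb is an HMAC over the session id, the action name and an issue time, issued when the page with the link is rendered and verified in the AJAX-only controller. The function names, the secret and all sample values are hypothetical and constructed for illustration; the X-Requested-With header can still be checked alongside it, but any client can set that header, so the crumb is the part that enforces the flow.

```php
<?php
// Added example, not from the original answers. Function names, the secret and
// the sample values are hypothetical/constructed.
const CRUMB_TTL = 300; // seconds a crumb stays valid (assumed value)

// Issue a crumb when rendering the page that contains the AJAX link.
function crumb_issue(string $secret, string $sessionId, string $action, int $now): string
{
    $mac = hash_hmac('sha256', "$sessionId|$action|$now", $secret);
    return $now . '.' . $mac;
}

// Verify the crumb in the AJAX-only controller before loading the view.
function crumb_verify(string $secret, string $sessionId, string $action, string $crumb, int $now): bool
{
    $parts = explode('.', $crumb, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // missing or malformed crumb (e.g. a direct browser hit)
    }
    [$ts, $mac] = $parts;
    $age = $now - (int) $ts;
    if ($age < 0 || $age > CRUMB_TTL) {
        return false; // issued in the future or expired
    }
    $expected = hash_hmac('sha256', "$sessionId|$action|$ts", $secret);
    return hash_equals($expected, $mac); // constant-time comparison
}

$secret = 'constructed-demo-key';   // in practice: a random server-side secret
$sid    = 'sess-abc123';            // constructed session id
$t0     = 1700000000;               // constructed issue time
$crumb  = crumb_issue($secret, $sid, 'login_window', $t0);

// Each case: session id, action, crumb sent by the client, current time, wanted result.
$cases = [
    'valid flow'    => [$sid, 'login_window', $crumb, $t0 + 10, true],
    'no crumb sent' => [$sid, 'login_window', '', $t0 + 10, false],
    'other session' => ['sess-other', 'login_window', $crumb, $t0 + 10, false],
    'other action'  => [$sid, 'other_action', $crumb, $t0 + 10, false],
    'expired crumb' => [$sid, 'login_window', $crumb, $t0 + CRUMB_TTL + 1, false],
];
foreach ($cases as $name => [$s, $a, $c, $now, $want]) {
    $got = crumb_verify($secret, $s, $a, $c, $now);
    printf("%-14s %s\n", $name, $got === $want ? 'as expected' : 'MISMATCH');
}
```

In a CodeIgniter controller the crumb would typically travel as a query parameter or custom header on the AJAX call, with the session id taken from the framework's session library.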
1

In Yii you simply check

    if (Yii::app()->request->isAjaxRequest)

If you use jQuery or another major javascript library, it works. If you do custom requests, don't forget to set the X-Requested-With HTTP header to XMLHttpRequest.

Fancy John
1

Instead of detecting whether your request was an ajax request or not (which can be any HTTP verb - GET/POST/HEAD), you may wanna try and add/modify routes in your routes.php for specifically handling these scenarios.

Robin Maben
0

Codeigniter has an inbuilt function to check if the request is made using an Ajax call.

You can use the following way to validate if a controller/segment is called using Ajax or not.

<?php
class Only_ajax extends CI_Controller {

    function validate_user()
    {
        /*
         * Check if URL only_ajax/validate_user is called from ajax;
         * if not, display a not found error to the user.
         */
        if (!$this->input->is_ajax_request()) {
            show_404();
        }
    }

}

You can use many other checks as well using the input class. A few of them are

  • $this->input->get_request_header();
  • $this->input->is_cli_request()
  • $this->input->ip_address()

You can view the complete list of available methods in the official documentation

Dheeraj Thedijje