AJAX versus CURL

Question

I need to know the difference between CURL (in PHP) and AJAX (in Javascript) when it comes to know Source of the request.

UPDATED: What I want to know is if I am generating requests using AJAX what sender IP address would be received at the server side with the packet as source? The same is with CURL and for all users it will single ip address be sent. But is that the same case with JS? JS executes at the client side so would it be client IP address?

May be a duplicate of http://stackoverflow.com/questions/4738380/what-differences-are-there-between-form-submissions-and-curl-requests — Arnaud Le Blanc, Jan 23 '11 at 18:35
No it's not. I need to know the request source when it's CURL or AJAX — Umair A., Jan 23 '11 at 18:42

Brad Christie · Accepted Answer · 2020-02-05T16:40:34.520

cURL is a server-side process. This means that it will be called before the page is rendered and has nothing to do with the client's capabilities.

AJAX, however, is a client-side call. This means that it will not be executed until the client loads the page (or at least that piece of code is seen and executed, but this typically works on document.ready).

If you're looking to retrieve the information and dump it to the user immediately then cURL is your best bet. If you'd like to do a progressive load (dump the page, then retrieve the content for a "seamless" load to the user) then AJAX is the best bet. All th while keep in mind, though in today's day and age it's semi trivial, AJAX may be disabled in cases of FireFox's NoScript extension.

That being said, the source of the cURL execution will be on the server. The source of the AJAX request will be on a per-client basis. Neither of which provide a secure means of detection (server-side) to know who sent what (as headers can be altered).

William · Answer 2 · 2011-01-23T18:56:03.223

If you're trying to detect which method was used as the source of a request, there is no way to know for sure. Most browsers use the HTTP header X-Requested-With when sending a request via AJAX. The cURL library does send a user agent by default, but this can obviously be altered by the library. Both methods can be forged easily and should not be used for strict validation.

Edit:

The AJAX request will come from client that made the AJAX request. The cURL request will come from where the library was used. (e.g. if you're using PHP, it will come from the PHP server. If you're using it via CLI, then it will come from the server you executed the command from)

Obviously the requests could be behind proxies, etc.

score 0 · Answer 3 · answered Jan 23 '11 at 19:12

0

The IP address that requested the javascript file from the server will be the same as the IP address that fired the ajax request back to the server from that file. See the same origin policy.

answered Jan 23 '11 at 19:12

Myer

3,670
2
39
51

According to that, if I create an webpage which will fire AJAX request to say some www.nnn.com then any user using my webpage will fire this request from his/her IP. right? – Umair A. Jan 23 '11 at 19:50
1

Yes, this is what both Brad and I have said. Note: AJAX is limited by the same origin policy: you cannot make an AJAX request to a different domain than the request is from. – William Jan 24 '11 at 15:18

AJAX versus CURL

3 Answers3

Linked