I am building an application in Laravel with loads of AJAX calls. I have protected the POST and UPDATE calls with a CSRF token in the AJAX headers.

My question is: is there a way to protect the GET AJAX calls from cross-site access? For example, I don't want users to type in the AJAX call route and get a response; instead, I want them redirected to a 404 page.

Thanks

aynber
Nenad Kaevik
  • This is called CORS - https://stackoverflow.com/questions/4850702/is-cors-a-secure-way-to-do-cross-domain-ajax-requests – shukshin.ivan Jul 08 '18 at 09:01
  • If you really want something to be CSRF protected you should make it not a GET request. GET requests should not change the state and therefore should not need CSRF protection since nothing can be altered. – apokryfos Jul 08 '18 at 09:32
  • A 403 response would probably be more appropriate if access restriction is your goal. – Brian Lee Jul 08 '18 at 09:59

1 Answer


I recommend using Laravel Passport for this problem with the help of this particular point from Laravel Passport to consume your API with JavaScript.