Files I have:
1. index.html
2. ajax.php

When the user clicks a button on the index file, an AJAX call is made to ajax.php with some parameters taken from the index file's inline jQuery, and it brings data back to index.html. How can I prevent the user from directly accessing the ajax.php file by typing the URL in the browser?

I know the token thing, but it seems like a hack; I want a more decent way.

Any help will be greatly appreciated. Thanks.

Yash Gaikwad

1 Answer

Do it with $_SERVER['HTTP_REFERER']. It's only shown on an AJAX call, not on a direct browser call.

<?php
  if (isset($_SERVER['HTTP_REFERER'])) {
    // do stuff
  } else {
    // include your 404 page
  }
?>

As per the documentation, HTTP_REFERER can be removed or is not a trusted one.

For myself, HTTP_REFERER is enough. If you need something different, use this simple approach:

print_r($_SERVER); You can see all the params. Run both the AJAX call and the direct call. Check the difference in the params. Use it as you see fit.

OR

Set some header within the call

Prevent Direct Access To File Called By ajax Function

prasanth
  • From the docs, "*The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.*" - http://php.net/reserved.variables.server – Qirel Mar 11 '19 at 07:11
  • @Qirel I know. I already read the document. I just posted it myself. And I also posted an alternative solution – prasanth Mar 11 '19 at 07:13
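
The custom-header idea from the answer combined with the session token mentioned in the question, as an added example that is not code from the answer or its comments. It assumes the page with the button is served through PHP with `session_start()` so a token can be issued; `ajax_token`, the `X-Ajax-Token` header and both function names are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example for ajax.php; the session key, header name and functions are assumptions.
declare(strict_types=1);

/** Decide whether a request should be served. $server is $_SERVER, $session is $_SESSION. */
function ajax_request_allowed(array $server, array $session): bool
{
    // Cheap filter: typing the URL sends GET without the header jQuery adds.
    // Both values are set by the client, so they only stop casual access.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    if (($server['HTTP_X_REQUESTED_WITH'] ?? '') !== 'XMLHttpRequest') {
        return false;
    }
    // Server-side check: the token issued to this session must come back unchanged.
    $expected = $session['ajax_token'] ?? '';
    $supplied = $server['HTTP_X_AJAX_TOKEN'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

/** Called while rendering the page with the button; returns the token to embed in it. */
function issue_ajax_token(array &$session): string
{
    if (empty($session['ajax_token'])) {
        $session['ajax_token'] = bin2hex(random_bytes(32));
    }
    return $session['ajax_token'];
}

// Constructed sample requests, shaped like $_SERVER, to compare the outcomes.
$session = [];
$token   = issue_ajax_token($session);
$ajax    = ['REQUEST_METHOD' => 'POST', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$samples = [
    'typed URL'        => ['REQUEST_METHOD' => 'GET'],
    'Referer only'     => ['REQUEST_METHOD' => 'POST',
                           'HTTP_REFERER'   => 'https://example.test/index.html'],
    'header, no token' => $ajax,
    'wrong token'      => $ajax + ['HTTP_X_AJAX_TOKEN' => str_repeat('0', 64)],
    'page AJAX call'   => $ajax + ['HTTP_X_AJAX_TOKEN' => $token],
];
foreach ($samples as $label => $server) {
    // Only the last sample is served; every other one gets the 404 branch.
    printf("%-18s %s\n", $label, ajax_request_allowed($server, $session) ? 'serve' : '404');
}
```

In ajax.php the call would be `ajax_request_allowed($_SERVER, $_SESSION)` after `session_start()`, with the jQuery request sending the embedded token in its `headers` option.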