Is there a way to only allow calls to come into a script through AJAX and not allow end users to access the page directly?
Asked
Active
Viewed 488 times
0
-
2possible duplicate of [Prevent Direct Access To File Called By ajax Function](http://stackoverflow.com/questions/1756591/prevent-direct-access-to-file-called-by-ajax-function) – Diodeus - James MacFarlane Jan 12 '12 at 20:50
-
1Very similar to this question -http://stackoverflow.com/questions/8671276/restrict-ajax-call-origin/8671370#8671370 - see my answer there. – Jake Feasel Jan 12 '12 at 20:51
-
Thanks! Search for a while just wasn't sure what to search for. – Jeffrey Hunter Jan 12 '12 at 20:56
1 Answers
2
Short answer: Nope.
Long answer: AJAX is absolutely similar to "direct" access to the url. There is literally no difference between them. Actually there is: only one header that can be forged easily
zerkms
- 249,484
- 69
- 436
- 539