问题描述

我如何prevent我的用户直接访问网页意味着阿贾克斯只要求？

How do I prevent my users from accessing directly pages meant for ajax calls only?

Ajax调用过程中传递的关键似乎是一个解决方案，而无需键访问将不会被处理。但它也容易制造的键，无？中查看源诅咒......

Passing a key during ajax call seems like a solution, whereas access without the key will not be processed. But it is also easy to fabricate the key, no? Curse of View Source...

P / S：使用Apache Web服务器为

p/s: Using Apache as webserver.

编辑：要回答为什么，我jQuery的用户界面，标签在我的index.php，而这些选项卡里面的形式与剧本，如果他们直接访问，这将无法正常工作。为什么用户会想这样做，我不知道，我只是想我会更用户通过preventing直接访问形式没有验证脚本友好。

To answer why, I have jQuery ui-tabs in my index.php, and inside those tabs are forms with scripts, which won't work if they're accessed directly. Why a user would want to do that, I don't know, I just figure I'd be more user friendly by preventing direct access to forms without validation scripts.

推荐答案

正如其他人所说，Ajax请求可以模拟要创建正确的头。如果你想有一个基本的检查，看是否该请求是一个Ajax请求，你可以使用：

As others have said, Ajax request can be emulated be creating the proper headers.If you want to have a basic check to see if the request is an Ajax request you can use:

 if($_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest') {
     //Request identified as ajax request
 }

但是你不应该基于你对这个检查安全。这将消除直接访问的网页，如果这是你所需要的。

However you should never base your security on this check. It will eliminate direct accesses to the page if that is what you need.

这篇关于prevent直接访问PHP页面的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！