SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Zealot
    Join Date
    Jul 2011
    Posts
    199
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Can I detect if AJAX request comes from a specific website?

    Hello,

    I'd like to detect if an AJAX request from a specific website (say I only want to allow "someallowedwebsite.com"). Is it feasible? I guess it's not. If someallowedwebsite were using JSONRequest, would it help?

    On a related note: What is the best way to make sure that a given request comes from a website you expect it to come from?


  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,869
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    Ajax requests are domain specific. A request from a web page on example.com is passed to the example.com site for processing. You can't send ajax requests to sites other than the one the current page belongs to.

    The way around that limitation is to have a script on the server call the other site.
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2006
    Location
    Augusta, Georgia, United States
    Posts
    4,192
    Mentioned
    17 Post(s)
    Tagged
    4 Thread(s)
    Nope, not possible. All services exposed through AJAX are fully accessible through HTTP. Anyone can possibly fake the request.
    The only code I hate more than my own is everyone else's.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •