+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: HTTP_REFER Ajax (/showthread.php?tid=41438)
HTTP_REFER Ajax - El Forum - 05-07-2011
[eluser]ClaudioX[/eluser]
Hi there,
When you develop, you make simple requests using jquery/$.get method?
I quest that because, if some another person use your server to get informations like city and whatever?
Is a better plain use the CSRF protection system ever?
What you think?
See ya.
HTTP_REFER Ajax - El Forum - 05-08-2011
[eluser]toopay[/eluser]
Is better when you build REST API, with ACL.
HTTP_REFER Ajax - El Forum - 05-09-2011
[eluser]ClaudioX[/eluser]
Thx for the reply tooplay. Its possible use REST to solve this? and im talking in site level with no autentication yeat.
HTTP_REFER Ajax - El Forum - 05-09-2011
[eluser]toopay[/eluser]
Of course. This is some example, of how google provide their REST API : Geo Coding
HTTP_REFER Ajax - El Forum - 05-09-2011
[eluser]guidorossi[/eluser]
I always use $.post but I think there is no problem with $.get ...
also I do this to allow using the call only from my domain:
Code:
$ci_url = explode("/", base_url());
$host = $ci_url[2];
if($this->input->is_ajax_request() && $_SERVER['HTTP_HOST'] == $host)
{
//ok some code
}
else
{
// not allowed
}but I'm not sure if that's ok...
HTTP_REFER Ajax - El Forum - 05-09-2011
[eluser]guidorossi[/eluser]
Sorry, I think it should be:
Code:
$ci_url = explode("/", base_url());
$host = $ci_url[2];
$referer = explode("/", $_SERVER['HTTP_REFERER']);
$referer_host = $referer[2];
if($this->input->is_ajax_request() && $referer_host == $host)
{
//....But I say it again, I don't thinks this is really ok...
HTTP_REFER Ajax - El Forum - 05-09-2011
[eluser]toopay[/eluser]
Thats will only can accept ajax request, in other words thats code only give a response if a request contains the HTTP_X_REQUESTED_WITH header, while REST API will generates response for any HTTP request.
If you are about provide an public information, like city, country and so on, consider build an API for that.
HTTP_REFER Ajax - El Forum - 05-10-2011
[eluser]guidorossi[/eluser]
Yes, but I thought that he wants to avoid the script from being called from someone else, or I miss understand it?
HTTP_REFER Ajax - El Forum - 05-10-2011
[eluser]toopay[/eluser]
Based by thread's title, it seems his issues was related with HTTP header field, but when i see the point at his explanation later, i suspect that the referer itselft just part of what he want to provide : an public information from his server data, like city information. Thats why i give such suggestion, and some API implementation example.
HTTP_REFER Ajax - El Forum - 05-10-2011
[eluser]ClaudioX[/eluser]
Yeap, guido understand correct the question (sorry toopay for my english ^^), but information about REST is aways nice.
The http_refer can be hacked but, for simple ajax requests, i think, its will be a good protection layer.