HTTP_REFER Ajax
#1

[eluser]ClaudioX[/eluser]
Hi there,

When you develop, do you make simple requests using the jQuery $.get method?

I ask that because, what if another person uses your server to get information like city and whatever?

Is it a better plan to use the CSRF protection system ever?

What do you think?


See ya.
#2

[eluser]toopay[/eluser]
It is better when you build a REST API, with ACL.
#3

[eluser]ClaudioX[/eluser]
Thx for the reply toopay. Is it possible to use REST to solve this? And I'm talking at site level with no authentication yet.
#4

[eluser]toopay[/eluser]
Of course. This is an example of how Google provides their REST API: Geo Coding
#5

[eluser]guidorossi[/eluser]
I always use $.post but I think there is no problem with $.get ...

Also, I do this to allow using the call only from my domain:
Code:
$ci_url = explode("/", base_url());
$host = $ci_url[2];

if($this->input->is_ajax_request() && $_SERVER['HTTP_HOST'] == $host)
{
    // ok some code
}
else
{
    // not allowed
}

but I'm not sure if that's ok...
#6

[eluser]guidorossi[/eluser]
Sorry, I think it should be:
Code:
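$ci_url = explode("/", base_url());
$host = $ci_url[2];

// The Referer header is optional, so guard against it being absent
$referer = explode("/", isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
$referer_host = isset($referer[2]) ? $referer[2] : '';

if($this->input->is_ajax_request() && $referer_host == $host)
{
    //....
}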

But I say it again, I don't think this is really ok...
#7

[eluser]toopay[/eluser]
That will only accept Ajax requests; in other words, that code only gives a response if a request contains the HTTP_X_REQUESTED_WITH header, while a REST API will generate a response for any HTTP request.

If you are about to provide public information, like city, country and so on, consider building an API for that.
#8

[eluser]guidorossi[/eluser]
Yes, but I thought that he wants to prevent the script from being called by someone else, or did I misunderstand it?
#9

[eluser]toopay[/eluser]
Based on the thread's title, it seems his issue was related to an HTTP header field, but when I saw the point of his explanation later, I suspected that the referer itself is just part of what he wants to provide: public information from his server data, like city information. That's why I gave such a suggestion, and an API implementation example.
#10

[eluser]ClaudioX[/eluser]
Yep, guido understood the question correctly (sorry toopay for my English ^^), but information about REST is always nice.

The http_refer can be hacked but, for simple Ajax requests, I think it will be a good protection layer.
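
A stricter form of the Referer check discussed in this thread, as an added example that is not any poster's code or part of CodeIgniter: `is_same_site_ajax()` is a hypothetical helper, and the `example.com` hosts and request arrays are constructed. It compares hosts with `parse_url()`, prefers the Origin header when present, and rejects a missing header instead of treating it as a match.

```php
<?php
// Added example: is_same_site_ajax() is a hypothetical helper, not a CodeIgniter API.

/**
 * @param array  $server  $_SERVER-style array
 * @param string $baseUrl what base_url() returns, e.g. "http://example.com/"
 */
function is_same_site_ajax(array $server, string $baseUrl): bool
{
    $expected = parse_url($baseUrl, PHP_URL_HOST);
    if (!is_string($expected) || $expected === '') {
        return false; // misconfigured base URL: fail closed
    }

    // Same header is_ajax_request() relies on; jQuery adds it to same-origin $.get/$.post calls.
    $xhr = $server['HTTP_X_REQUESTED_WITH'] ?? '';
    if (strcasecmp($xhr, 'XMLHttpRequest') !== 0) {
        return false;
    }

    // Prefer Origin when present, otherwise fall back to Referer.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($source, PHP_URL_HOST);

    // A missing or unparsable header is rejected, never treated as a match.
    return is_string($host) && strcasecmp($host, $expected) === 0;
}

// Constructed sample requests (not captured traffic); all hosts are placeholders.
$ajax = ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'];
$samples = [
    'XHR from own page'              => $ajax + ['HTTP_REFERER' => 'http://example.com/cities'],
    'XHR from another site'          => $ajax + ['HTTP_REFERER' => 'http://other.example/page'],
    'XHR with no Referer'            => $ajax,
    'host that only starts alike'    => $ajax + ['HTTP_REFERER' => 'http://example.com.other.example/'],
    'plain navigation, no XHR'       => ['HTTP_REFERER' => 'http://example.com/cities'],
    'any client sending same headers' => $ajax + ['HTTP_REFERER' => 'http://example.com/cities'],
];

foreach ($samples as $label => $server) {
    $verdict = is_same_site_ajax($server, 'http://example.com/index.php/') ? 'allow' : 'deny';
    printf("%-34s %s\n", $label, $verdict);
}
```

The last sample is allowed because both headers are supplied by the client, so this check only filters requests from ordinary browsers on other sites. Data that is not meant to be public still needs a CSRF token or authentication behind it.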



