Comments on: Detect an AJAX Request in PHP http://davidwalsh.name/detect-ajax Legendary scribbles about JavaScript, HTML5, AJAX, PHP, CSS, and ∞. Tue, 22 May 2012 05:31:04 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: idhamhttp://davidwalsh.name/detect-ajax#comment-29145 idham Fri, 10 Feb 2012 22:05:41 +0000 http://davidwalsh.name/?p=3234#comment-29145 By default, ajax using header: Accept:application/json, text/javascript, */* and not ajax have header like Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 css header: Accept:text/css,*/*; it depending file your request.If you using php framework like CodeIgniter, you can use $this->input->is_ajax_request(). See http://codeigniter.com/user_guide/libraries/input.htmlBy the way, $_SERVER['HTTP_X_REQUESTED_WITH'] is best way for detecting ajax request. By default, ajax using header: Accept:application/json, text/javascript, */*
and not ajax have header like Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
css header: Accept:text/css,*/*; it depending file your request.

If you using php framework like CodeIgniter, you can use $this->input->is_ajax_request(). See http://codeigniter.com/user_guide/libraries/input.html

By the way, $_SERVER['HTTP_X_REQUESTED_WITH'] is best way for detecting ajax request.

]]> By: Philiphttp://davidwalsh.name/detect-ajax#comment-27855 Philip Thu, 08 Dec 2011 04:35:26 +0000 http://davidwalsh.name/?p=3234#comment-27855 The best solution for this would be to just add a parameter say: <code> if (isset($_GET['ajax']) && $_GET['ajax'] == TRUE) { // Process AJAX request } else { // Process non-AJAX request } </code>This should also prevent the cache problem Jason spoke of as using a new URL parameter requires the page to be reprocessed due to the browser being unable to determine what is going on in the server. The best solution for this would be to just add a parameter say:

if (isset($_GET['ajax']) && $_GET['ajax'] == TRUE) {
// Process AJAX request
} else {
// Process non-AJAX request
}

This should also prevent the cache problem Jason spoke of as using a new URL parameter requires the page to be reprocessed due to the browser being unable to determine what is going on in the server.

]]> By: Keilaronhttp://davidwalsh.name/detect-ajax#comment-26448 Keilaron Tue, 09 Aug 2011 20:08:52 +0000 http://davidwalsh.name/?p=3234#comment-26448 It ain't an additional layer if that's the message you respond with. ;) It ain’t an additional layer if that’s the message you respond with. ;)

]]> By: Dan "Netwalker" Fernandezhttp://davidwalsh.name/detect-ajax#comment-26395 Dan "Netwalker" Fernandez Mon, 08 Aug 2011 10:42:36 +0000 http://davidwalsh.name/?p=3234#comment-26395 "This url is an ajax webservice - direct access is denied". Think of it as an additional layer.Edit: two years later, and for the record “This url is an ajax webservice – direct access is denied”. Think of it as an additional layer.

Edit: two years later, and for the record

]]> By: mandarhttp://davidwalsh.name/detect-ajax#comment-25843 mandar Sat, 09 Jul 2011 04:17:08 +0000 http://davidwalsh.name/?p=3234#comment-25843 is there any other way/ method in which i can detect AJAX request?? i need it for security purpose! is there any other way/ method in which i can detect AJAX request?? i need it for security purpose!

]]> By: mandarhttp://davidwalsh.name/detect-ajax#comment-25842 mandar Sat, 09 Jul 2011 04:16:46 +0000 http://davidwalsh.name/?p=3234#comment-25842 Is there any better method? or different method? which i can use for security? Is there any better method? or different method? which i can use for security?

]]> By: Joshttp://davidwalsh.name/detect-ajax#comment-25628 Jos Mon, 04 Jul 2011 13:55:19 +0000 http://davidwalsh.name/?p=3234#comment-25628 You shouldn't rely on any kind of check for security issues. Using different urls is just as fragile and can be spoofed too. But why at all would you write a security check based on whether a request is an Ajax request or not? You shouldn’t rely on any kind of check for security issues. Using different urls is just as fragile and can be spoofed too. But why at all would you write a security check based on whether a request is an Ajax request or not?

]]> By: fredhttp://davidwalsh.name/detect-ajax#comment-23919 fred Sun, 08 May 2011 06:47:15 +0000 http://davidwalsh.name/?p=3234#comment-23919 You could spoof that header remotely. This works fine as a rudimentary check, but shouldn't be relied on for security purposes. You could spoof that header remotely. This works fine as a rudimentary check, but shouldn’t be relied on for security purposes.

]]> By: David Walshhttp://davidwalsh.name/detect-ajax#comment-23705 David Walsh Mon, 25 Apr 2011 04:07:57 +0000 http://davidwalsh.name/?p=3234#comment-23705 Very true fleh, but the worst thing that can happen, in this example, would be just outputting contentHTML and not the wrapping code. Very true fleh, but the worst thing that can happen, in this example, would be just outputting contentHTML and not the wrapping code.

]]> By: flehhttp://davidwalsh.name/detect-ajax#comment-23704 fleh Mon, 25 Apr 2011 04:03:41 +0000 http://davidwalsh.name/?p=3234#comment-23704 Just to make sure everyone's aware this header can be spoofed from another site or within the certain browser extensions. it's not an end all be all, it's just a rudimentary check. Just to make sure everyone’s aware this header can be spoofed from another site or within the certain browser extensions. it’s not an end all be all, it’s just a rudimentary check.

]]>