runthis Posted April 7, 2013 Share Posted April 7, 2013 So one problem with an ajax page is that someone could just look at your source code and know where the data is being sent to. One neat trick I invented to kind of confuse a user who may not even notice this is happening is this code which tells the user the page does not exist and give them a 404 page. if(!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) { header('Location: /yourpage,php'); die; } What this code does is redirects the user to the same pagename but replaces the period with a comma. This is a nifty little trick and is super great and 99% of the time the end user will not even notice. It is important to remember that not all ajax scripts will send this directive and this directive can be faked by the end user in certain scenarios. In this case you can always force it to have this directive this way before sending the request VAR.setRequestHeader("X-Requested-With", "XMLHttpRequest"); Change VAR to your request variable, such as xmlhttp Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.