MakeWebGames

Lock ajax pages down with simple trick


runthis


So one problem with an ajax page is that someone could just look at your source code and know where the data is being sent to.

One neat trick I invented to kind of confuse a user, who may not even notice this is happening, is this code, which tells the user the page does not exist and gives them a 404 page.

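if (!isset($_SERVER['HTTP_X_REQUESTED_WITH'])) {
    // No X-Requested-With header: send the visitor to the same page name
    // with a comma in place of the period.
    header('Location: /yourpage,php');
    die;
}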

What this code does is redirect the user to the same page name but with the period replaced by a comma. This is a nifty little trick and is super great, and 99% of the time the end user will not even notice.

It is important to remember that not all ajax scripts will send this directive, and this directive can be faked by the end user in certain scenarios. In this case you can always force it to have this directive this way before sending the request:

VAR.setRequestHeader("X-Requested-With", "XMLHttpRequest");

Change VAR to your request variable, such as xmlhttp.
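Added example, not part of the original post: because the client chooses the `X-Requested-With` value, the check above works as a hint rather than an access control. The sketch below runs the post's header check next to a hypothetical session-plus-token check over constructed sample requests; the `user_id` and `ajax_token` names and both function names are assumptions.

```php
<?php
// Added example: compares the header check from the post with a server-side
// session + token check. All requests below are constructed sample data.

// The check from the post: true when the X-Requested-With header is present.
function passesHeaderCheck(array $server): bool
{
    return isset($server['HTTP_X_REQUESTED_WITH']);
}

// Hypothetical stronger check: a logged-in session plus a per-session token
// that the page's own script sends back (field names are assumptions).
function passesSessionCheck(array $session, array $post): bool
{
    if (empty($session['user_id']) || empty($session['ajax_token'])) {
        return false;
    }
    $sent = $post['ajax_token'] ?? '';
    // hash_equals compares the two strings in constant time.
    return is_string($sent) && hash_equals($session['ajax_token'], $sent);
}

$token = bin2hex(random_bytes(16)); // constructed per-session token

// Each entry: [$_SERVER subset, $_SESSION, $_POST], all constructed.
$requests = [
    'page script, logged in' => [
        ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
        ['user_id' => 7, 'ajax_token' => $token],
        ['ajax_token' => $token],
    ],
    'header set by hand, no session' => [
        ['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'],
        [],
        [],
    ],
    'direct visit in browser' => [
        [],
        ['user_id' => 7, 'ajax_token' => $token],
        [],
    ],
];

foreach ($requests as $label => [$server, $session, $post]) {
    $h = passesHeaderCheck($server) ? 'pass' : 'fail';
    $s = passesSessionCheck($session, $post) ? 'pass' : 'fail';
    printf("%-32s header check: %s  session check: %s\n", $label, $h, $s);
}
```

Only the first request passes both checks; the second passes the header check alone, which is the case the post's own caveat describes.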
