Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
i have default.asp and it contacts with 3 different *.asp via ajax. My question is if a person try to execute these *.asp pages without accessing default.asp if people try to open those pages as an url. http://sample.com/ajax1.asp?get=foo is an example how can prevent that kind of accesses to my ajax pages.
You can detect if the call is an AJAX request looking for the
HTTP_X-Requested-Withheader, but even if you can detect an AJAX call, you should authenticate all requests, because a malicious user could spoof all the headers easily.Detecting the AJAX header: