Authenticate AJAX Request - PHP

Viewed 90 times

1

Using the request below as an example, with the id as the parameter, I got the expected return.

Ajax

let id = 1;
$.ajax({
    type: 'GET',
    async: false,
    contentType: 'application/json',
    url : 'controller/get_objeto/' + id,
    success: (function (data) {
        console.log(data);
    }),
    // ... (remaining options omitted in the original)
});

PHP

// controller
public function get_objeto($id)
{
    if ($id == 0)
    {
        $dados = $this->aviso->get();
    }
    else
    {
        $dados = $this->aviso->get_by_id($id);
    }
    header('Content-Type: application/json');
    echo json_encode($dados);
}

Return

{"id":1,"tipo":"1","titulo":"teste","descricao":"teste"}

If I copy the request shown in the browser’s XHR console, I can request it directly from the browser’s address bar, changing the id parameter, just by using the full URL.

Example

http://localhost/aplicação/controller/get_objeto/1

I tried the same thing in another existing application, copying the full URL of the request and pasting it into the browser’s address bar, and got the following return:

{"error":"unauthorized_request","message":"Unauthorized request: no authentication given","status":401}

My question is: is it possible to do this type of authentication in an AJAX and PHP request? If so, is there a simple way to do it?

  • The code sample editor tool, which uses the grave accent, as the name says, was made for code samples, not to emphasize text or acronyms. If you really think a part of the text needs emphasis, use bold. Regarding the problem, did you check the headers sent from the AJAX request? For the server there will always be an HTTP request, regardless of whether it is from AJAX or not - and it should not even make a difference. Since it was blocked when accessed directly by the URL, it is very likely that the authentication is done from a header that you did not send.

  • @Andersoncarloswoss, I did not send or check the sent headers, this is why I opened the question, to understand how it is done.

  • Then it would be useful to put the requests in question into the question; otherwise any answer will be based on guesswork and may not represent the real situation.

  • What I have, I’ve put in the question.

  • You use contentType: 'application/json' to return in JSON format, is that it? If so, you can replace it with dataType: 'json' and see if it gives the same error.

  • Then in your PHP you remove the header...

  • @adventistaam, my question is not about returning JSON or not; that I can do. My question is about authenticating the request if you pass the URL directly through the address bar.

  • Try to remove the header

  • @Andersoncarloswoss, would this be a valid way to send and check an HTTP header? beforeSend: function(xhr){ xhr.setRequestHeader('X-Header'); }, and if(isset($_SERVER['HTTP_X_HEADER'])){ ... }

1 answer

0

Maybe there’s another way, but I solved it this way:

In the AJAX request, I sent it as follows, including headers: {'X-Header': ''}:

let id = 1;
$.ajax({
    type: 'GET',
    async: false,
    contentType: 'application/json',
    headers: {'X-Header': ''},
    url : 'controller/get_objeto/' + id,
    success: (function (data) {
        console.log(data);
    }),
    // ... (remaining options omitted in the original)
});

And in PHP:

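public function get_objeto($id)
{
    // Only look up data when the custom header was sent with the request
    if (isset($_SERVER['HTTP_X_HEADER']))
    {
        if ($id == 0)
        {
            $dados = $this->aviso->get();
        }
        else
        {
            $dados = $this->aviso->get_by_id($id);
        }
    }
    else
    {
        $dados = [
            'error'   => 'unauthorized_request',
            'message' => 'Unauthorized request: no authentication given',
            'status'  => 401
        ];
    }
    // Output the result as JSON, as the question's controller does
    header('Content-Type: application/json');
    echo json_encode($dados);
}
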
  • or you can define a $.ajaxSetup({ headers: { 'X-HEADER': '' } }) before the $.ajax
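
Added example, not part of the original question or answer: a check that only tests whether a header exists passes for any HTTP client that sets that header, so this sketch compares the header's value against a random per-session token instead. The header name X-Auth-Token, the session key ajax_token and all function names are assumptions for illustration; plain arrays stand in for $_SERVER and $_SESSION so the script runs from the command line.

```php
<?php
// Hypothetical names throughout; in a controller pass $_SERVER and $_SESSION.

// Create one random token per session. The page that loads the AJAX script
// would embed it so the script can send it back in the X-Auth-Token header.
function issue_token(array &$session): string
{
    if (empty($session['ajax_token'])) {
        $session['ajax_token'] = bin2hex(random_bytes(32));
    }
    return $session['ajax_token'];
}

// Presence-only check, as in the answer: true even for an empty value.
function header_present(array $server): bool
{
    return isset($server['HTTP_X_HEADER']);
}

// Value check: the header must equal the token stored in the session.
function is_authorized(array $server, array $session): bool
{
    $sent     = $server['HTTP_X_AUTH_TOKEN'] ?? '';
    $expected = $session['ajax_token'] ?? '';
    // hash_equals() compares in constant time; a missing token never matches.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Returns [HTTP status, JSON body] using the error shape shown in the question.
function respond(array $server, array $session): array
{
    if (!is_authorized($server, $session)) {
        return [401, ['error' => 'unauthorized_request',
            'message' => 'Unauthorized request: no authentication given',
            'status' => 401]];
    }
    return [200, ['id' => 1, 'tipo' => '1', 'titulo' => 'teste', 'descricao' => 'teste']];
}

// Constructed sample requests (not captured traffic).
$session = [];
$token = issue_token($session);
$cases = [
    'no header'       => [],
    'empty X-Header'  => ['HTTP_X_HEADER' => ''],
    'wrong token'     => ['HTTP_X_AUTH_TOKEN' => str_repeat('0', 64)],
    'valid token'     => ['HTTP_X_AUTH_TOKEN' => $token],
];
foreach ($cases as $label => $server) {
    [$status, $body] = respond($server, $session);
    printf("%-15s presence=%-4s status=%d %s\n", $label,
        header_present($server) ? 'pass' : 'fail', $status, json_encode($body));
}
```

In a real endpoint the status would also be sent with http_response_code($status) before echoing the JSON body.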
