ajax_requirement
46 sites
Security covered
This is an API module. You probably do not need this, unless a module you need requires it, or you are writing a module that requires it.
Very small module that you can use to make sure your route is only accessible via AJAX requests.
The module does nothing in itself, it only provides the access check service needed to define your routes like this:
my_module.my_ajax_path:
path: '/my-ajax-path'
defaults:
_title: 'Ajax path'
_controller: '\Drupal\my_module\Controller\AjaxController::build'
requirements:
_permission: 'my permission'
_is_ajax_request: 'TRUE'You can also do the opposite:
my_module.my_non_ajax_path:
path: '/my-non-ajax-path'
defaults:
_title: 'Non ajax path'
_controller: '\Drupal\my_module\Controller\AjaxController::build'
requirements:
_permission: 'my permission'
_is_ajax_request: 'FALSE'
The actual check uses the Symfony method isXmlHttpRequest which is included here for clarity:
public function isXmlHttpRequest()
{
return 'XMLHttpRequest' == $this->headers->get('X-Requested-With');
}