Drupal is a registered trademark of Dries Buytaert
Protected Pages 3.0.0 Major update available for module protected_pages (3.0.0). Commerce Core 3.3.8 Minor update available for module commerce (3.3.8). Layout Builder Reorder 2.0.1 Minor update available for module layout_builder_reorder (2.0.1). Ban 1.1.0 Minor update available for module ban (1.1.0). Field Formatter Range 2.0.0 Major update available for module field_formatter_range (2.0.0). Field Formatter Range 8.x-1.8 Minor update available for module field_formatter_range (8.x-1.8). UI Patterns (SDC in Drupal UI) 2.0.18 Minor update available for module ui_patterns (2.0.18). Varbase FAQs 9.2.1 Minor update available for module varbase_faqs (9.2.1). Search API Solr 4.3.11 Module search_api_solr updated after 14 months of inactivity (4.3.11). Provus Mega Menu Module provus_mega_menu crossed 1,000 active installs.

Ajax requirement

49 sites Security covered
View on drupal.org

This module provides a simple way to ensure that certain routes are only accessible through AJAX requests, or conversely, can prevent access from AJAX requests. It acts as an API for other modules that need to enforce these specific access conditions.

This is an API module. You probably do not need this, unless a module you need requires it, or you are writing a module that requires it.

Very small module that you can use to make sure your route is only accessible via AJAX requests.

The module does nothing in itself, it only provides the access check service needed to define your routes like this:

my_module.my_ajax_path:
  path: '/my-ajax-path'
  defaults:
    _title: 'Ajax path'
    _controller: '\Drupal\my_module\Controller\AjaxController::build'
  requirements:
    _permission: 'my permission'
    _is_ajax_request: 'TRUE'

You can also do the opposite:

my_module.my_non_ajax_path:
  path: '/my-non-ajax-path'
  defaults:
    _title: 'Non ajax path'
    _controller: '\Drupal\my_module\Controller\AjaxController::build'
  requirements:
    _permission: 'my permission'
    _is_ajax_request: 'FALSE'

The actual check uses the Symfony method isXmlHttpRequest which is included here for clarity:

public function isXmlHttpRequest()
{
    return 'XMLHttpRequest' == $this->headers->get('X-Requested-With');
}

Activity

Total releases
1
First release
Mar 2025
Latest release
1 year ago
Releases (12 mo)
0 ▼ from 1
Maintenance
Dormant

Releases

Version Type Release date
2.0.3 Stable Mar 25, 2025