Ajax requirement
49 sites
Security covered
This module provides a simple way to ensure that certain routes are only accessible through AJAX requests, or conversely, can prevent access from AJAX requests. It acts as an API for other modules that need to enforce these specific access conditions.
This is an API module. You probably do not need this, unless a module you need requires it, or you are writing a module that requires it.
Very small module that you can use to make sure your route is only accessible via AJAX requests.
The module does nothing in itself, it only provides the access check service needed to define your routes like this:
my_module.my_ajax_path:
path: '/my-ajax-path'
defaults:
_title: 'Ajax path'
_controller: '\Drupal\my_module\Controller\AjaxController::build'
requirements:
_permission: 'my permission'
_is_ajax_request: 'TRUE'You can also do the opposite:
my_module.my_non_ajax_path:
path: '/my-non-ajax-path'
defaults:
_title: 'Non ajax path'
_controller: '\Drupal\my_module\Controller\AjaxController::build'
requirements:
_permission: 'my permission'
_is_ajax_request: 'FALSE'
The actual check uses the Symfony method isXmlHttpRequest which is included here for clarity:
public function isXmlHttpRequest()
{
return 'XMLHttpRequest' == $this->headers->get('X-Requested-With');
}