I'm using this code to redirect my users, blocking ajax-only pages from their browser
if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {}
else {
header("Location: /");
}
It works fine on Google chrome, Firefox 26 and IE11, however in firefox 4, the header is triggered even when loading using ajax.
How can I fix this?
I'm using this code to redirect my users, blocking ajax-only pages from their browser
if(isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {}
else {
header("Location: /");
}
It works fine on Google chrome, Firefox 26 and IE11, however in firefox 4, the header is triggered even when loading using ajax.
How can I fix this?
Share Improve this question edited Feb 2, 2014 at 20:51 grebneke 4,49419 silver badges24 bronze badges asked Jan 30, 2014 at 15:48 user3236661user3236661 7921 gold badge6 silver badges12 bronze badges 4- and when you var_dump $_SERVER['HTTP_X_REQUESTED_WITH'] while using firefox 4 it is equal to ??? – Rooster Commented Jan 30, 2014 at 15:51
- it returnes NULL in firefox 4 – user3236661 Commented Jan 30, 2014 at 15:56
- @Rooster it should return NULL when ajax is not used – user3236661 Commented Jan 30, 2014 at 15:58
- 1 That header is added by jQuery. If it doesn't work with Firefox/4 (a browser that's obviously no longer supported), you'll have to live with that unless you want to fix the jQuery code yourself. – Álvaro González Commented Jan 30, 2014 at 16:30
1 Answer
Reset to default 6 +50You could try to either set the HTTP_X_REQUESTED_WITH header yourself, or set a different header and check for it also:
$.ajaxSetup({
beforeSend: function (request)
{
request.setRequestHeader("HTTP_X_REQUESTED_WITH",'xmlhttprequest');
request.setRequestHeader("BACKUP_FIREFOX_AJAX", 'xmlhttprequest');
}
});
And then
if((isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') ||
(isset($_SERVER['BACKUP_FIREFOX_AJAX']) &&
strtolower($_SERVER['BACKUP_FIREFOX_AJAX']) == 'xmlhttprequest'))
Not sure if it will work given it's firefox 4 (really old version), but it's worth a shot.
Ok, on digging some more, there appears to be an old Firefox bug where 1) if an xhr gets redirected then the custom headers are lost, and 2) When "automatic proxy detection" is operating firefox will sometimes do an internal redirect which triggers the problem in 1.
So, you may need to do something other than a header... perhaps append a query string param to all outgoing ajax requests, I'm not sure if you'd need to modify the url directly or data for GET requests, so I'd just do both and hope it works:
$.ajaxSetup({
beforeSend: function(jqXHR, settings) {
if (settings.url.split('?').length > 1) {
settings.url = settings.url + '&ajax=1';
}
else {
settings.url = settings.url + '?ajax=1';
}
},
data: {
ajax: '1'
}
});
and then you could do:
if((isset($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') ||
$_GET['ajax']==1)