Comments on: Kohana And AJAX (Sitting In A Tree) http://return-true.com/2009/08/kohana-and-ajax-sitting-in-a-tree/ Coding Tutorials, hints & tips in PHP, jQuery, CSS & HTML Thu, 29 Jul 2010 22:16:00 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Kohana Tutorials | Der PHPler http://return-true.com/2009/08/kohana-and-ajax-sitting-in-a-tree/comment-page-1/#comment-9936 Kohana Tutorials | Der PHPler Tue, 08 Sep 2009 02:33:59 +0000 http://return-true.com/?p=992#comment-9936 [...] lesenswertes Tutorial über den Einsatz von Kohana mit Ajax auf Return [...] [...] lesenswertes Tutorial über den Einsatz von Kohana mit Ajax auf Return [...]

]]> By: Veneficus Unus http://return-true.com/2009/08/kohana-and-ajax-sitting-in-a-tree/comment-page-1/#comment-9427 Veneficus Unus Wed, 19 Aug 2009 14:02:14 +0000 http://return-true.com/?p=992#comment-9427 Now that I didn't know. Thanks. :) I guess though, that again you come across the problem I've seen alot of people mention about checking <code>HTTP_X_REQUESTED_WITH</code> which is that you can easily alter the HTTP request headers. I don't know if it's true, but I've read it referenced alot on different websites. That seems to be the best thing for now though & <code>request::is_ajax()</code> is a lot shorter than my alternative. So thanks. :D Now that I didn’t know. Thanks. :)

I guess though, that again you come across the problem I’ve seen alot of people mention about checking HTTP_X_REQUESTED_WITH which is that you can easily alter the HTTP request headers. I don’t know if it’s true, but I’ve read it referenced alot on different websites.

That seems to be the best thing for now though & request::is_ajax() is a lot shorter than my alternative. So thanks. :D

]]> By: Thomas Menga http://return-true.com/2009/08/kohana-and-ajax-sitting-in-a-tree/comment-page-1/#comment-9425 Thomas Menga Wed, 19 Aug 2009 13:57:01 +0000 http://return-true.com/?p=992#comment-9425 You should use the request helper... [php] if (request::is_ajax()) {} [/php] See the docs : http://docs.kohanaphp.com/helpers/request#is_ajax But you could do something even more useful, like building an Ajax Controller, or add a route in you main template controller to ajax methods... You should use the request helper…

if (request::is_ajax()) {}

See the docs : http://docs.kohanaphp.com/helpers/request#is_ajax

But you could do something even more useful, like building an Ajax Controller, or add a route in you main template controller to ajax methods…

]]> By: Veneficus Unus http://return-true.com/2009/08/kohana-and-ajax-sitting-in-a-tree/comment-page-1/#comment-9416 Veneficus Unus Wed, 19 Aug 2009 09:21:38 +0000 http://return-true.com/?p=992#comment-9416 Well as far as I've been able to tell, I think any AJAX request coming from you also includes your session information. I could be wrong, but I use an AJAX autocomplete in an admin area which requires you to login. Since the AJAX function it access' is just another controller method & all methods are locked out unless you are logged in, I would assume it needs to check if you are still logged in, since it seems to pass this fine, I assume that the session for my login has been carried along too. I haven't checked this out so I can't really tell if all that's correct, but It's my best guess as to what is going on. I guess the best security against attacks on your AJAX functions is to always escape any MySQL, which Kohana seems to do well in conjuction with it's query builder. Again though I'm still learning Kohana myself, so thank you for the input. It really gave me some things to think about. :) P.S. I've added a little bit to the end of the post about checking HTTP headers for AJAX requests. Well as far as I’ve been able to tell, I think any AJAX request coming from you also includes your session information. I could be wrong, but I use an AJAX autocomplete in an admin area which requires you to login. Since the AJAX function it access’ is just another controller method & all methods are locked out unless you are logged in, I would assume it needs to check if you are still logged in, since it seems to pass this fine, I assume that the session for my login has been carried along too.

I haven’t checked this out so I can’t really tell if all that’s correct, but It’s my best guess as to what is going on. I guess the best security against attacks on your AJAX functions is to always escape any MySQL, which Kohana seems to do well in conjuction with it’s query builder.

Again though I’m still learning Kohana myself, so thank you for the input. It really gave me some things to think about. :)

P.S. I’ve added a little bit to the end of the post about checking HTTP headers for AJAX requests.

]]> By: Pablo http://return-true.com/2009/08/kohana-and-ajax-sitting-in-a-tree/comment-page-1/#comment-9405 Pablo Tue, 18 Aug 2009 22:33:25 +0000 http://return-true.com/?p=992#comment-9405 I haven't added Ajax to my Kohana site yet but these are my thoughts. I was going to look into support for checking the AJAX header in the HTTP response, make sure it really was an AJAX request but I don't know if this is well-supported by the browsers. I was also going to see if my sessions would track across the AJAX request or if I needed to add some additional token to every request just to actually prove it came from a legitimate user and not something that was just crafted to bypass the authentication in the normal HTML. I haven’t added Ajax to my Kohana site yet but these are my thoughts. I was going to look into support for checking the AJAX header in the HTTP response, make sure it really was an AJAX request but I don’t know if this is well-supported by the browsers. I was also going to see if my sessions would track across the AJAX request or if I needed to add some additional token to every request just to actually prove it came from a legitimate user and not something that was just crafted to bypass the authentication in the normal HTML.

]]>