Yii Framework Forum: Yii::app()->request->isAjaxRequest - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

Yii::app()->request->isAjaxRequest reliable? Rate Topic: -----

#1 User is offline   tombrown 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 17-March 09

Posted 12 October 2009 - 10:37 AM

It seems that Yii::app()->request->isAjaxRequest is giving me the wrong answer.

Without printing all the code, I have a controller action which either returns part of a page, or a whole page, depending on the result of Yii::app()->request->isAjaxRequest.

I've had a few complaints from users saying that, very occasionally, they get an entire page loading in the <div> which should only be reloaded with part of a page (as the content is being loaded via an ajax request).

So I guess my question is; how reliable is Yii::app()->request->isAjaxRequest ? And is there any other way of checking whether the request is indeed JS based.

Ta
0

#2 User is offline   tombrown 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 17-March 09

Posted 16 October 2009 - 10:09 AM

Anybody ? :-(
0

#3 User is offline   MarcS 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 96
  • Joined: 05-July 09

Posted 18 October 2009 - 09:54 AM

I actually had the same problem when using a similar method in the CakePHP framework.
It appears to be totally random (even won't happen to the same user twice). I never found out what the problem was
0

#4 User is offline   yoshi 

  • Standard Member
  • PipPip
  • Yii
  • Group: Members
  • Posts: 170
  • Joined: 28-February 09
  • Location:Germany

Posted 18 October 2009 - 04:48 PM

Hi,

yii checks if there is a X-Requested-With HTTP header set (which should result in an $_SERVER['HTTP_X_REQUESTED_WITH'] server variable) and whether it contains the string 'XMLHttpRequest'.
But this is a custom header set by most javascript libraries (and so does jQuery). There are e.g. some proxies which drop these custom headers (mainly for security reasons) and therefore your application can't recognize whether it's an ajax request or not. It's not 100% reliable.

A quick and simple solution could be to add an additional parameter to your ajax request (s.th. like ajax=1) which you also check for in your application.

BOTH methods are absolutly improper in a security manner. Because the http headers and the parameters could be manipulated easily.
But in your case it doesn't sound like this is a problem.

Regards
0

#5 User is offline   tombrown 

  • Newbie
  • Yii
  • Group: Members
  • Posts: 19
  • Joined: 17-March 09

Posted 20 October 2009 - 10:13 AM

Worryingly I have relied on HTTP_X_REQUESTED_WITH for years.

It's a shame to hear this is not reliable.

What I found strange is the fact that (even for the users who complained,) it seems to work 99% of the time (not that I have done any measurements for that figure..).

I suppose it is possible that only 1 in 100 (or so) of the same users requests happen to go through that damn node/proxy that decided to make my life difficult.

I suppose I'll have to accept this, go back through my code and add some extra params so in future I can be assured that the requests are indeed AJAX based or not.

Thanks for your help..
0

#6 User is offline   wei 

  • Advanced Member
  • Yii
  • Group: Yii Dev Team
  • Posts: 147
  • Joined: 04-October 08

Posted 16 March 2012 - 07:24 PM

It could be that some browser clients and http proxies can be setup to strip out some http headers
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

2 User(s) are reading this topic
0 members, 2 guests, 0 anonymous users