How to protect xml from requests from other sites? XML is made in php, i.e. php extension and language. Is it possible to somehow protect this file from other sites? Maybe somehow through the password, although it can be seen in the source code, if we are talking about Ajax. Help me please.

    2 answers 2

    Use authorization with sessions.

    • Thank you, and there are some other ways? Bd not to offer, he guessed) - iproger
    • Perhaps you crookedly formulated the question. Specify. If you do not want javascript from another site to access yours, this is the default security setting. In any case, specify the question. - mochalygin
    • Well, when I click on the ajax button, I send data to the handler, which I just want to protect. And yet I did not understand, you suggest that when you go to a page that will contact the handler to create a session, and in the handler to check if there is something to do everything you need and delete the session. Well, if he makes his handler, who will first open that page, and then send a request to my handler? - iproger
    • I propose to describe the problem in more detail . At the moment I see at least 3 options for interpreting the problem. It is easier for you to clarify than to paint the decisions of all 3. - mochalygin 4:14
    • The problem is that you need to protect the handler from extraneous requests, I will send requests by ajax. So that no one but my site could get the right answer from the handler. And I did not understand what you mean by "authorization using sessions." - iproger

    Check $_SERVER['SERVER_ADDR'] , $_SERVER['HTTP_REFERER'] - it can help with something too.

    • $_SERVER['HTTP_REFERER'] returns NULL . - iproger
    • Well, if the request from your server is Ajax, then it will not be empty. Mean if Null - then exit (); - Maksym Prus
    • I have already tested a lot of $_SERVER['HTTP_REFERER'] , returns null even when ajax is being requested. I will specify the sending method: xmlHttp.open - iproger