Redirect unless the page is called from jQuery

I h开发者_如何学运维ave a page that is dynamically loaded into another page by an jQuery call. What I want is to make the loaded page accessible only if is called by the jQuery and to redirect if it's accessed directly from the browser address bar.

How do I do that?

Thanks!

You can't do this reliably. The reason is simple: everything can be faked.

Custom HTTP headers may or may not always work as well, since some firewalls strip all unknown headers. So this won't be reliable from the always work when it should standpoint. And they can even be added to a request manually using a tool like the FireFox extension "Tamper Data"... So it won't be reliable from the always redirect standpoint either...

Parameters won't work , since they can be easily faked by someone who knows what they are doing. So it won't be reliable from the always redirect when not called by jQuery standpoint.

If you're just doing it for convenience (not from a security standpoint), go with a request parameter. If you are using it for security, I'd suggest coming up with another design, since you can't enforce anything from the client side...

If the request is an ajax request, including one made using jQuery, then the following will be set:

$_SERVER['HTTP_X_REQUESTED_WITH']

You can add a parameter in your request. For example jquery=true.

This way you will not enforce that an user will not open directly from the address bar passing this parameter, but you can handle appropriately both cases.

I would set some vale - querystring maybe - when the JQuery call is made. Then on load of the new page, I would check if that value exists. If the value is there, continue loading the page, else redirect.

add a custom http header in your jquery when you send a request to the page and check for the header in the page