Is ajax call coming from my site, and Zend F

I have a url (controller/action) which I access with ajax.

Being ajax, anyone could copy the javascript to their own site and access the same url without going through my site at all. (correct me if I'm wrong)

So my question, how do I know for certain that the call originated from my site and not from an external source.

To clarify, I use Zend Framework and have activated context switch json for this action. So answers specific to Zend are welcome in case Zend has spe开发者_如何学Ccial handling for this.

if ZF doesn't have special handling ( witch i don't think so ) , you can send a hash to the javascript when the js is outputed to the browser , send the hash back with the ajax call and test it , the hased value should be random for each request (and stored in the session for later testing).

I think you can use $_SERVER['HTTP_REFERER'] to see which address the request is coming from Check this post as well you can also use $this->getRequest()->isXmlHttpRequest(); to see if the request is an ahax request. Hope it is helpful to you.