jQuery sends along an extra header, X-Requested-With, that you can use to determine that the resource was requested with an Ajax request. Hope that helps!
--John

On 8/9/07, Pops <[EMAIL PROTECTED]> wrote:
>
> I have a generic security question related to AJAX:
>
> Are there any established techniques, methods or recommendations on how a
> server can distinguish an AJAX call versus a LINK call vs a manual
> ADDRESS BAR call?
>
> Is the Http request header Referrer, one method to consider?
>
> Now that we are doing more AJAX calls, we see that we need to make
> sure we have control over how unrestricted AJAX calls are done. I
> think we already concluded that we will restrict any AJAX call to our
> web services to a POST only. Not the best solution to address
> injection vulnerabilities, but it might limit the population of would
> be wannabe hackers.
>
> Comments?
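
The three signals raised in this thread (X-Requested-With, the Referer header, and POST-only web services) combined into one server-side check, as an added example that is not code from either poster or from jQuery. The function names and the `https://app.example` origin are hypothetical, and the headers object is assumed to be a plain name-to-value map as a Node.js server would supply.

```javascript
// Added example. All three inputs are supplied by the client, and any
// HTTP client can set them, so this check filters casual requests only;
// it does not authenticate the caller or validate the request body.

// Classify a request as 'ajax', 'link' or 'direct' (address bar).
function classifyRequest(method, headers, ownOrigin) {
  // Header names are case-insensitive; normalise before lookup.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }
  const requestedWith = (h['x-requested-with'] || '').toLowerCase();
  const referer = h['referer'] || ''; // HTTP spells the header "Referer"

  let kind = 'direct';                 // no Referer, no Ajax marker
  if (requestedWith === 'xmlhttprequest') kind = 'ajax'; // value jQuery sends
  else if (referer !== '') kind = 'link';

  // Does the Referer, if present and parseable, point at our own site?
  let sameSite = false;
  if (referer !== '') {
    try {
      sameSite = new URL(referer).origin === ownOrigin;
    } catch (err) {
      sameSite = false;                // malformed Referer counts as foreign
    }
  }
  return { kind, sameSite, method: String(method).toUpperCase() };
}

// Policy from the thread: web services accept POST only, and only from
// Ajax calls that originate on our own pages.
function allowWebServiceCall(method, headers, ownOrigin) {
  const r = classifyRequest(method, headers, ownOrigin);
  if (r.method !== 'POST') return { allowed: false, reason: 'method-not-post' };
  if (r.kind !== 'ajax') return { allowed: false, reason: 'not-ajax' };
  if (!r.sameSite) return { allowed: false, reason: 'foreign-or-missing-referer' };
  return { allowed: true, reason: 'ok' };
}
```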

