Limit Ajax Routing

I am trying to limit AJAX requests to routes that begin with the ‘/ajax/’ prefix. Similarly, I do not want the other routes in my website to be accessible using AJAX requests.

Rather than adding checks in all my routes, it seems to me that a Middleware would be a better site-wide way of imposing this rule.

I have written this:

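use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface as Handler;
use Slim\Exception\HttpBadRequestException;
use Slim\Exception\HttpForbiddenException;

class AjaxMiddleware implements MiddlewareInterface
{
    public function process(Request $request, Handler $handler): ResponseInterface
    {
        $path = $request->getUri()->getPath();

        // validate Ajax requests: only paths under /ajax/ are allowed
        if ($this->isAjax($request)) {
            if (stripos($path, '/ajax/') !== 0) {
                throw new HttpForbiddenException($request, "Ajax Not Allowed");
            }
        }
        // validate non-Ajax requests: paths under /ajax/ are rejected
        else {
            if (stripos($path, '/ajax/') === 0) {
                throw new HttpBadRequestException($request, "Ajax Routes Not Allowed");
            }
        }

        return $handler->handle($request);
    }

    // A request counts as Ajax when the client sent X-Requested-With: XMLHttpRequest
    private function isAjax(Request $request): bool
    {
        return strtolower($request->getHeaderLine('X-Requested-With')) === 'xmlhttprequest';
    }
}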

My question is whether this Middleware should be added before or after adding the RoutingMiddleware in the bootstrap file?

Slim 4 currently uses a Last In, First Out (LIFO) model for middleware.

To handle 404 errors correctly, I would recommend adding the AjaxMiddleware before the RoutingMiddleware.

$app->add(AjaxMiddleware::class); // <--- here
$app->addRoutingMiddleware();
$app->add(ErrorMiddleware::class);
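
The ordering discussed above, as an added example that is not part of the original posts and is not Slim's own code: a simplified model of a last-in, first-out stack showing that a middleware added before the routing middleware runs after it, so an unmatched path is answered by routing before the Ajax check is reached. `LifoStack`, the route table, and the status strings that stand in for Slim's exceptions are all hypothetical.

```php
<?php
declare(strict_types=1);

// Simplified LIFO middleware stack (assumption for illustration, not Slim's code).
// Each middleware has the shape fn(array $req, callable $next): string.
final class LifoStack
{
    /** @var callable current outermost layer */
    private $tip;

    public function __construct(callable $routeHandler)
    {
        $this->tip = $routeHandler;
    }

    // Wrap the current tip: whatever is added last becomes the outermost layer.
    public function add(callable $middleware): void
    {
        $next = $this->tip;
        $this->tip = static fn(array $req): string => $middleware($req, $next);
    }

    public function handle(array $req): string
    {
        return ($this->tip)($req);
    }
}

// Constructed route table and stand-in middleware (hypothetical).
$routes = ['/ajax/items', '/home'];

$ajax = static function (array $req, callable $next): string {
    $isAjax = strtolower($req['x-requested-with'] ?? '') === 'xmlhttprequest';
    $isAjaxPath = stripos($req['path'], '/ajax/') === 0;
    if ($isAjax && !$isAjaxPath) { return '403 Ajax Not Allowed'; }
    if (!$isAjax && $isAjaxPath) { return '400 Ajax Routes Not Allowed'; }
    return $next($req);
};
$routing = static fn(array $req, callable $next): string =>
    in_array($req['path'], $routes, true) ? $next($req) : '404 Not Found';

$app = new LifoStack(static fn(array $req): string => '200 OK');
$app->add($ajax);     // added first: innermost, runs after routing
$app->add($routing);  // added second: wraps $ajax, runs before it

$xhr = ['x-requested-with' => 'XMLHttpRequest'];
echo $app->handle(['path' => '/missing'] + $xhr), "\n";    // unmatched path, Ajax header
echo $app->handle(['path' => '/home'] + $xhr), "\n";       // page route, Ajax header
echo $app->handle(['path' => '/ajax/items']), "\n";        // Ajax route, no header
echo $app->handle(['path' => '/ajax/items'] + $xhr), "\n"; // Ajax route, Ajax header
```

The `X-Requested-With` header is set by the client, so this check separates request styles; it is not an access control.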