Last active
August 29, 2015 14:01
-
-
Save JamoCA/ac19993f10f012376552 to your computer and use it in GitHub Desktop.
This ColdFusion 8-11 UDF will query the server's request headers to determine if the request is an Ajax form post from jQuery. (jQuery adds a special header to all ajax requests.)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- Compatible with ColdFusion 8-11. | |
| 4/28/2015 Rewritten to compensate for new undocumented CF10/11 behavior regarding getHTTPRequestData(). | |
| https://bugbase.adobe.com/index.cfm?event=bug&id=3042675 | |
| https://bugbase.adobe.com/index.cfm?event=bug&id=3581691 | |
| http://www.bennadel.com/blog/2824-gethttprequestdata-may-break-your-request-in-coldfusion-but-gethttprequestdata-false-may-not.htm | |
| ---> | |
| <cffunction name="isAjaxRequestPost" output="false" returntype="boolean" access="public"> | |
| <cfset var response = StructNew()> | |
| <cfset response.AjaxHeader = getPageContext().getRequest().getHeader("X-Requested-With") /> | |
| <cfreturn isdefined("response.AjaxHeader") AND response.AjaxHeader IS "XMLHttpRequest" /> | |
| </cffunction> | |
| <cfif not isAjaxRequestPost()> | |
| <!--- log attempt, alert admin, etc ---> | |
| <cfheader statuscode="403" statustext="Forbidden"> | |
| <cfcontent type="text/html; charset=UTF-8"><cfoutput>Forbidden</cfoutput><cfabort> | |
| </cfif> | |
| <!--- perform database update, modify cookies, upload files, etc ---> | |
| <cfcontent type="application/json; charset=UTF-8"><cfoutput>{"status":1}</cfoutput><cfabort> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment