Paul Paul - 1 month ago 5
Ajax Question

How to protect ajax requests in Laravel?

I use ajax to store, update and delete resources associated with authenticated user. Routes for these actions use web middleware so cookies, session etc are available. Project is based on Laravel framework.

Is it necessary to protect those routes from unauthorized access in any additional way? I've read about API tokens that one could use, but I am not sure if it is necessary.

I will be grateful for any insights on ajax security or how ajax requests work in general, as it is a little over my head at this moment.

Answer

I would say no additional work is necessary assuming you have appropriate checks in place such as a user can't delete another user's entities, etc...

AJAX requests are really just like the user browsing to different pages, except it's JavaScript making requests on their behalf. Since everything is already behind the web middleware, there should be no need for additional authentication since your users have technically already logged in.
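The kind of checks the answer refers to, as an added example that is not part of the original answer: session-authenticated AJAX routes where every lookup is scoped to the logged-in user. The `Note` model, its `body` field, the `notes()` relation on `User` and the `/notes` paths are hypothetical.

```php
<?php
// routes/web.php -- added example; Note, notes() and /notes are hypothetical names.
// Assumes User has a hasMany notes() relation and Note allows mass assignment of "body".

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Routes in this file already pass through the "web" group: session, cookies and
// the CSRF check. State-changing AJAX calls therefore have to send the CSRF token
// (for example in the X-CSRF-TOKEN header), otherwise Laravel answers 419.
// "auth" rejects requests without a logged-in session; requests that ask for JSON
// get a 401 instead of a redirect to the login page.
Route::middleware('auth')->group(function () {

    Route::post('/notes', function (Request $request) {
        $data = $request->validate(['body' => ['required', 'string', 'max:2000']]);

        // Create through the relation: user_id comes from the session,
        // never from anything the client sent.
        $note = $request->user()->notes()->create($data);

        return response()->json($note, 201);
    });

    Route::put('/notes/{id}', function (Request $request, $id) {
        $data = $request->validate(['body' => ['required', 'string', 'max:2000']]);

        // Scoped lookup: another user's note id yields 404, so the id
        // cannot be used to touch or probe someone else's data.
        $note = $request->user()->notes()->findOrFail($id);
        $note->update($data);

        return response()->json($note);
    });

    Route::delete('/notes/{id}', function (Request $request, $id) {
        $request->user()->notes()->findOrFail($id)->delete();

        return response()->noContent();
    });
});
```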
