Paul Paul - 1 year ago 68
Ajax Question

How to protect ajax requests in Laravel?

I use ajax to store, update and delete resources associated with authenticated user. Routes for these actions use middleware so cookies, session etc. are available. Project is based on Laravel framework.

Is it necessary to protect those routes from unauthorized access in any additional way? I've read about API tokens that one could use, but I am not sure if it is necessary.

I will be grateful for any insights on ajax security or how ajax requests work in general, as it is a little over my head at this moment.

Answer Source

I would say no additional work is necessary assuming you have appropriate checks in place such as a user can't delete another user's entities, etc...

AJAX requests are really just like the user browsing to different pages except it's JavaScript making requests on their behalf. Since everything is already behind the web middleware, there should be no need for additional authentication since your users have technically already logged in.
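The ownership checks the answer relies on could look like the following. This is an added example, not code from the original question or answer. The `Post` model, its `user_id` column, the `User::posts()` relation, the `title` field and the route paths are all assumed names.

```php
<?php
// routes/web.php -- added example; Post, user_id, User::posts() and the
// paths below are assumed names, not taken from the original post.

use App\Models\Post;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

// Routes in routes/web.php already run inside the "web" middleware group
// (session, cookies). "auth" additionally rejects requests that carry no
// logged-in session, so $request->user() is never null below.
Route::middleware('auth')->group(function () {

    // Store: the owner is taken from the session, never from request input,
    // so a client cannot create a record on behalf of another user.
    Route::post('/posts', function (Request $request) {
        $data = $request->validate(['title' => 'required|string|max:255']);
        $post = $request->user()->posts()->create($data);

        return response()->json($post, 201);
    });

    // Update: the lookup goes through the owner's relation, so an id that
    // belongs to someone else is simply not found (404).
    Route::put('/posts/{id}', function (Request $request, int $id) {
        $data = $request->validate(['title' => 'required|string|max:255']);
        $post = $request->user()->posts()->findOrFail($id);
        $post->update($data);

        return response()->json($post);
    });

    // Delete: with route-model binding any existing id resolves to a model,
    // so the owner has to be compared explicitly before deleting.
    Route::delete('/posts/{post}', function (Request $request, Post $post) {
        $ownerId = (int) $post->user_id;
        $callerId = (int) $request->user()->getKey();
        abort_unless($ownerId === $callerId, 403);
        $post->delete();

        return response()->noContent();
    });
});
```

Without the check in the delete route, being logged in would be enough to remove any user's record by changing the id in the URL.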
