I got the following problem in PHP.
I wrote a function to give data via ajax to my PHP code.
Sadly a user can just manipulate my site by typing the link of the ajax request and/or changing the values. Is there a possibility to block humans from the website but not block my ajax request?
2
Answers
The short answer is no. If it’s accessible publicly online, it is possible to send request without using your site directly.
You can also limit the access by authenticating your site.
If you still want it to be accessible, but would like to make things harder (not impossible), you can use a CSRF token: https://portswigger.net/web-security/csrf/tokens.
Answer is NO. you can use some extra data to validate the query. like add some extra data to the ajax request so the server can check the query.
i can help you but can you please tell me which data you are sending to the client.