projects / civicrm-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 690959e) | patch
Convert existing `X-Requested-With:` guards to `isWebServiceRequest()`
authorTim Otten <totten@civicrm.org>
Fri, 4 Feb 2022 23:34:39 +0000 (15:34 -0800)
committerTim Otten <totten@civicrm.org>
Fri, 4 Feb 2022 23:46:00 +0000 (15:46 -0800)
commit7511bc6eaef981aae1daeecc3305895c38732f63
treeedce22b528b00137b373619af9aba0f3fe2bdedctree | snapshot (zip tar.gz)
parent690959ee4b08cffc89f87d3c1ea221b94dad677bcommit | diff
Convert existing `X-Requested-With:` guards to  `isWebServiceRequest()`

_Overview_:  `civicrm/ajax/api4` and `returnJsonResponse()` inspect the
web-request to see if it comes via AJAX/REST. If so, the call is
allowed and formatted as JSON. The patch refines the test.

_Before_: `X-Requested-With:` signals that a call is AJAX/REST.

_After_: `X-Requested-With:` still signals that a call is AJAX/REST.
Additionally, if `authx` is enabled, then some requests will be treated as
AJAX/REST based on how they are authenticated (ie `xheader`/`X-Civi-Auth:`
and `param`/`?_authx=` are AJAX/REST).
CRM/Api4/Page/AJAX.php diff | blob | blame | history
CRM/Core/Page/AJAX.php diff | blob | blame | history