This is an API module. You probably do not need this, unless a module you need requires it, or you are writing a module that requires it.

Very small module that you can use to make sure your route is only accessible via AJAX requests.

The module does nothing in itself, it only provides the access check service needed to define your routes like this:

my_module.my_ajax_path:
  path: '/my-ajax-path'
  defaults:
    _title: 'Ajax path'
    _controller: '\Drupal\my_module\Controller\AjaxController::build'
  requirements:
    _permission: 'my permission'
    _is_ajax_request: 'TRUE'

You can also do the opposite:

my_module.my_non_ajax_path:
  path: '/my-non-ajax-path'
  defaults:
    _title: 'Non ajax path'
    _controller: '\Drupal\my_module\Controller\AjaxController::build'
  requirements:
    _permission: 'my permission'
    _is_ajax_request: 'FALSE'

The actual check uses the Symfony method isXmlHttpRequest which is included here for clarity:

public function isXmlHttpRequest()
{
    return 'XMLHttpRequest' == $this->headers->get('X-Requested-With');
}
Supporting organizations: 
Frontkom
Development and maintenance

Project information

Releases

2.0.2 Stable release covered by the Drupal Security Team released 19 October 2023
Works with Drupal: ^8.8 || ^9 || ^10
✓ Recommended by the project’s maintainer.
Install:

Development version: 2.x-dev updated 9 Dec 2023 at 15:11 UTC

Development version: 8.x-1.x-dev updated 19 Oct 2023 at 04:57 UTC

Using Composer to manage Drupal site dependencies