This is an API module. You probably do not need this, unless a module you need requires it, or you are writing a module that requires it.
Very small module that you can use to make sure your route is only accessible via AJAX requests.
The module does nothing in itself, it only provides the access check service needed to define your routes like this:
my_module.my_ajax_path:
path: '/my-ajax-path'
defaults:
_title: 'Ajax path'
_controller: '\Drupal\my_module\Controller\AjaxController::build'
requirements:
_permission: 'my permission'
_is_ajax_request: 'TRUE'
You can also do the opposite:
my_module.my_non_ajax_path:
path: '/my-non-ajax-path'
defaults:
_title: 'Non ajax path'
_controller: '\Drupal\my_module\Controller\AjaxController::build'
requirements:
_permission: 'my permission'
_is_ajax_request: 'FALSE'
The actual check uses the Symfony method isXmlHttpRequest
which is included here for clarity:
public function isXmlHttpRequest()
{
return 'XMLHttpRequest' == $this->headers->get('X-Requested-With');
}
Supporting organizations:
Development and maintenance
Project information
- Maintenance fixes only
Considered feature-complete by its maintainers. - Module categories: Access Control, Administration Tools
- 88 sites report using this module
- Created by eiriksm on , updated
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.