Hi Adeel, to clarify first one:
Allowing request via XMLHttpRequest, but not allowing request via Browser or html anchor.
I think it is very weird, but I just wondering if there are any tricks.
Joined: Aug 15, 2004
I have nothing on the top of my head at the moment. No setup to try it myself and come up with an answer. So, what I suggest is, to install Firebug and LiveHttpHeaders plugins in your firefox, and give it a go.
You can look into request/response headers using the latter, and may be able to notice the difference in normal request and XMLHttpRequest. You can use Firebug console to issue requests. Yes, it looks like a bit of a work.
Daesung Park wrote:I think it is very weird, but I just wondering if there are any tricks.
Well as you yourself said, this is not directly supported I think. Because for the server an AJAX request is just like a normal request. I don't know of any difference between them. I think you can set a custom header or a request parameter in the AJAX request and recognize it from the server to solve the problem. Apart from that I don't think AJAX requests send back cookies to the server so you can set a cookie at the client side and if the request comes without the cookie, then you know that it is an AJAX request...
Actually, that was my original intention, Jeanne. When I said to him to install Firebug and LiveHttpHeaders. So, he can realize whats going on and how we can send the same URL using the Firebug console, or even the browser's address bar. And look at the request headers using LiveHttpHeaders and the response received.