I don’t see a way in Yii to limit who can access ajax functions such was with an encrypted code such as a nonce that the calling function sends to the receiving function to ensure a valid ajax request.
I don’t see a way in Yii to limit who can access ajax functions such was with an encrypted code such as a nonce that the calling function sends to the receiving function to ensure a valid ajax request.
There is _csrf protection for that, see this issue How can I validate "_csrf" in Ajax Request.? · Issue #8016 · yiisoft/yii2 · GitHub
Ok, thank you.