It seems that Yii::app()->request->isAjaxRequest is giving me the wrong answer.

Without printing all the code, I have a controller action which either returns part of a page, or a whole page, depending on the result of Yii::app()->request->isAjaxRequest.

I’ve had a few complaints from users saying that, very occasionally, they get an entire page loading in the <div> which should only be reloaded with part of a page (as the content is being loaded via an ajax request).

So I guess my question is: how reliable is Yii::app()->request->isAjaxRequest? And is there any other way of checking whether the request is indeed JS based?


Anybody? :(

I actually had the same problem when using a similar method in the CakePHP framework.

It appears to be totally random (it won’t even happen to the same user twice). I never found out what the problem was.


Yii checks if there is an X-Requested-With HTTP header set (which should result in a $_SERVER['HTTP_X_REQUESTED_WITH'] server variable) and whether it contains the string 'XMLHttpRequest'.

But this is a custom header set by most JavaScript libraries (jQuery does so too). There are, for example, some proxies which drop these custom headers (mainly for security reasons), and therefore your application can’t recognize whether it’s an ajax request or not. It’s not 100% reliable.

A quick and simple solution could be to add an additional parameter to your ajax request (something like ajax=1) which you also check for in your application.

BOTH methods are absolutely improper in terms of security, because the HTTP headers and the parameters could be manipulated easily.

But in your case it doesn’t sound like this is a problem.
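
The combined check suggested in the answer above, as an added example that is not part of the original thread. The function names and the `ajax` parameter name are assumptions; the header and the parameter only select which view is returned, while access control depends on server-side state.

```php
<?php
// Added example; wantsPartial(), handle() and the "ajax" parameter name are assumptions.

// Decide only which view to send. Header and parameter are both client-controlled.
function wantsPartial(array $server, array $params): bool
{
    // Value jQuery sets on its XMLHttpRequest calls.
    if (($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'XMLHttpRequest') {
        return true;
    }
    // Fallback that survives intermediaries which drop custom headers.
    return ($params['ajax'] ?? '') === '1';
}

function handle(array $server, array $params, bool $loggedIn): string
{
    // Access control relies on server-side session state, never on the AJAX hint.
    if (!$loggedIn) {
        return '403';
    }
    return wantsPartial($server, $params) ? 'partial' : 'full page';
}

// Constructed sample requests: [server vars, request params, logged in?]
$samples = [
    'jQuery call, header intact'   => [['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'], ['ajax' => '1'], true],
    'jQuery call, header stripped' => [[], ['ajax' => '1'], true],
    'normal navigation'            => [[], [], true],
    'forged hint, no session'      => [['HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'], ['ajax' => '1'], false],
];

foreach ($samples as $label => [$server, $params, $loggedIn]) {
    printf("%-30s => %s\n", $label, handle($server, $params, $loggedIn));
}
```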


Worryingly I have relied on HTTP_X_REQUESTED_WITH for years.

It’s a shame to hear this is not reliable.

What I found strange is the fact that (even for the users who complained) it seems to work 99% of the time (not that I have done any measurements for that figure…).

I suppose it is possible that only 1 in 100 (or so) of the same user’s requests happen to go through that damn node/proxy that decided to make my life difficult.

I suppose I’ll have to accept this, go back through my code and add some extra params so in future I can be assured that the requests are indeed AJAX based or not.

Thanks for your help…

It could be that some browser clients and HTTP proxies can be set up to strip out some HTTP headers.