function ajax_set_verification_header
ajax_set_verification_header()
Sets a response header for ajax.js to trust the response body.
It is not safe to invoke Ajax commands within user-uploaded files, so this header protects against those being invoked.
See also
Drupal.ajax.options.success()
Related topics
File
- includes/ajax.inc, line 594
- Functions for use with Drupal's Ajax framework.
Code
function ajax_set_verification_header() { $added = &drupal_static(__FUNCTION__); // User-uploaded files cannot set any response headers, so a custom header is // used to indicate to ajax.js that this response is safe. Note that most // Ajax requests bound using the Form API will be protected by having the URL // flagged as trusted in Drupal.settings, so this header is used only for // things like custom markup that gets Ajax behaviors attached. if (empty($added)) { drupal_add_http_header('X-Drupal-Ajax-Token', '1'); // Avoid sending the header twice. $added = TRUE; } }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!ajax.inc/function/ajax_set_verification_header/7.x