No, this is not a security measure. This is only a way to detect whether a certain HTTP header exists, and that header is usually set for Ajax calls originated from web2py components.

On Sep 21, 11:17 am, Avik Basu <avikb...@gmail.com> wrote:
> I was wondering if it might be possible to limit the URL to functions
> that are called internally from web2py component calls. In the
> manual, there is a reference to using a decorator like:
>
> @auth.requires(request.cid)
>
> Would this be an effective safeguard? Also, is there some way to set
> this since it only seems to work when LOAD is called and I would like
> to set it when some code in the model is executed.
>
> Avik
>
> On Sep 21, 12:10 am, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > If the URL is exposed and it is accessible via ajax, then it is called
> > by the remote browser.
> > You can only limit access with @auth.requires_login() or other auth
> > decorator.
>
> > On Sep 20, 6:48 pm, Avik Basu <avikb...@gmail.com> wrote:
>
> > > I have a generic function called edit_db which allows for editing of
> > > database records and is useful for ajax-related form functions such as
> > > edit-in-place. The URL that is exposed is something like
>
> > > edit_db/tablename/row_id/fieldname?value="newvalue"
>
> > > I would like to make sure that this function can only be accessed by
> > > functions within my web2py applications--in particular, widgets which
> > > are defined in the model. What is the best way to do this?
>
> > > Avik
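
The point made in this thread, as an added example that is not part of the original posts and is not web2py code: a stand-alone model of the edit_db endpoint gated on a request header, beside one that decides from server-side state. The header name, the session dictionary, the allowlist, the ownership check and the sample rows are all assumptions constructed for illustration, and the allowlist and ownership check go beyond the login requirement the thread names.

```python
# Constructed model of the edit_db endpoint; not web2py's implementation.
COMPONENT_HEADER = "x-component-element"  # hypothetical header name

# Constructed allowlist: (table, field) pairs edit-in-place may touch.
EDITABLE = {("post", "title"), ("post", "body")}

# Constructed sample rows; each carries an owner so edits can be tied to a user.
DB = {
    "post": {1: {"owner": "avik", "title": "old", "body": "text"}},
    "auth_user": {1: {"owner": "avik", "role": "member"}},
}


def edit_db_header_gate(headers, table, row_id, field, value):
    """Weak form: allowed whenever the component header is present.
    The header travels in the request, so the sender controls the outcome."""
    if COMPONENT_HEADER not in headers:
        return 403
    DB[table][row_id][field] = value
    return 200


def edit_db_authorized(session, table, row_id, field, value):
    """Hardened form: every decision uses state the server holds."""
    user = session.get("user")  # set server-side at login
    if user is None:
        return 401  # the login requirement @auth.requires_login() expresses
    if (table, field) not in EDITABLE:
        return 403  # generic editor limited to known fields
    row = DB.get(table, {}).get(row_id)
    if row is None:
        return 404
    if row["owner"] != user:
        return 403  # per-record ownership check
    row[field] = value
    return 200
```
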