You are here

Home » API reference » Chaos Tool Suite (ctools) 6 » ajax.inc

function ctools_ajax_set_verification_header in Chaos Tool Suite (ctools) 6

Sets a response header for ajax.js to trust the response body.

It is not safe to invoke JS commands within user-uploaded files, so this header protects against those being invoked.

See also

Drupal.ajax.ajax.options.success()

1 call to ctools_ajax_set_verification_header()
ctools_ajax_render in includes/ajax.inc
Render a commands array into JSON and immediately hand this back to the AJAX requester.

File

includes/ajax.inc, line 536
Utilize the CTools AJAX responder.

Code

function ctools_ajax_set_verification_header() {
  $set =& ctools_static(__FUNCTION__);
  if (!isset($set)) {

    // User-uploaded files cannot set any response headers, so the token value
    // does not need to be hard to guess.
    drupal_set_header('X-Drupal-Ajax-Token: 1');
    $set = TRUE;
  }
}