Hi, i read that the method $request->ajax() is deprecated from Kirby 3.1
So, which is the best method to know if a request come from ajax or not, then? Is the following code reliable?
if ( !empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest' )
//now I know it's ajax
I’d either work with a content representation or a route that handles AJAX requests.
See also this issue as to why the method was deprecated: https://github.com/getkirby/kirby/issues/1431
It would be really helpful to a cookbook example of an Ajax request e.g updating a page field.
Ajax stuff is on my list. But in reality it is no more than calling a route from JS that then handles the updating and returns a response.
A general question: Am I right that the main difference between the API and the custom routes are that I have to code the custom routes myself and they are not protected by authorization while the API is always auth protected, even for simple, safe read operations on the cms content? I’m curious about this for some time because I wasn’t sure what’s the best way to offer a public (read- or insert-only limited) API for my Kirby 3 content.
The API always needs authentication, yes. With your custom routes, it’s up to you to authenticate, unless you use methods that need authentication (like updating etc, via a logged in user, or impersonation)