Useful Snippets

Welcome!

This blog is used to collect useful snippets related to Linux, PHP, MySQL and more. Feel free to post comments with improvements or questions!

Are your smart devices spying on you? Make better purchasing choices and find products that respect your privacy at Unwanted.cloud

RSS Latest posts from my personal blog

Subscribe to RSS feed

RSS RSS feed

Copyright © Useful Snippets. 2024 • All rights reserved.

Cedar WordPress Theme by EckoThemes. Published with WordPress.

Determine if WordPress AJAX request is a backend of frontend request

Stanislav KhromovStanislav Khromov

AJAX endpoints being natively supported in WordPress is awesome. Not being able to separate a frontend request (coming from a theme/frontend plugin) from a backend request (coming from the admin panel) is not as awesome.

Here’s a function to determine if a request is coming from the frontend or backend. It uses the HTTP referer to determine which URL the incoming call to admin-ajax.php originated from. If it originated from a /wp-admin/ url, we know for sure that it was a backend request.

function request_is_frontend_ajax()
{
  $script_filename = isset($_SERVER['SCRIPT_FILENAME']) ? $_SERVER['SCRIPT_FILENAME'] : '';

  //Try to figure out if frontend AJAX request... If we are DOING_AJAX; let's look closer
  if((defined('DOING_AJAX') && DOING_AJAX))
  {
          //From wp-includes/functions.php, wp_get_referer() function.
          //Required to fix: https://core.trac.wordpress.org/ticket/25294
          $ref = '';
          if ( ! empty( $_REQUEST['_wp_http_referer'] ) )
              $ref = wp_unslash( $_REQUEST['_wp_http_referer'] );
          elseif ( ! empty( $_SERVER['HTTP_REFERER'] ) )
              $ref = wp_unslash( $_SERVER['HTTP_REFERER'] );

    //If referer does not contain admin URL and we are using the admin-ajax.php endpoint, this is likely a frontend AJAX request
    if(((strpos($ref, admin_url()) === false) && (basename($script_filename) === 'admin-ajax.php')))
      return true;
  }

      //If no checks triggered, we end up here - not an AJAX request.
      return false;
}

Usage

if(request_is_frontend_ajax()) {
    //Do something only on frontend ajax
}

Related posts

  1. WordPress Request Buster
  2. Building the right administration interface for every user
  3. Escaping and securing Advanced Custom Fields output
  4. Configuring WordPress to work behind an Application Load Balancer (ALB) in AWS
WordPress
Stanislav Khromov
Author

Full-stack impostor syndrome sufferer & Software Engineer at Schibsted Media Group

Comments 3
  • Sudip Das
    Posted on

    Sudip Das Sudip Das

    Reply Author

    Hi,
    Thanks. It is working fine and you saved my time. Thank you.

  • O
    Posted on

    O O

    Reply Author

    You will fail if hit update post via quick edit after direct opening link with posts list page, because HTTP_REFERER will remain not exist, until further clicking though wp-admin pages.

    • Stanislav Khromov
      Posted on

      Stanislav Khromov Stanislav Khromov

      Reply Author

      Hi O,

      I can’t reproduce that. Here are the steps:

      * Go to edit.php (post list)
      * Quick edit a post and press update

      I can see that the `admin-ajax.php` request has the referrer `http://…./edit.php`

      If you can present better reproduction steps I’d be happy to look into it further.