If you are working with AJAX calls, you should at least verify where the calls are coming from.
|
1 2 3 4 |
if (strpos(Mage::helper('core/http')->getHttpReferer(), Mage::getBaseUrl()) === false) { exit(); } |
Please find the complete code on Gist.