I have a question, I hope and you can help me, I'm new to laravel and I'm doing a system where I'm using Ajax The thing is like this
This is an example of the way I'm doing it
I have a route called "host: 8000 / people"
Which your index method returns to me a view where you will see a list of all the people I have registered, each with a button If I press that button, through ajax I make a query to the route
"infopersonas / {idpersona}"
This route as I said, is sent to call by ajax and the information of that person is shown on the screen, and with all the buttons, every time you press, the information is displayed.
Something similar I do in different modules, I use a route to show the view and inside the views with ajax I send to call information dynamically
My question is Is it okay to do so ?, is that I have seen some examples of systems where most of the time their routes only return views, very little return the json as such
If that is the case, how would it be solved if someone malicious intends to intercept the route and see the information like this
host: 8000 / infouser / 1
host: 8000 / infouser / 2
host: 8000 / infouser / 3
This way you can see the json that comes back
By the way, I have already implemented the authentication, the routes are protected, but since it is a free login system they could still get those routes and they would be logged in.
Can it be blocked so that these routes are accessed only from the system and not put them directly in the browser or any other application program?
I hope and you can guide me, thank you very much