Make sure the XmlHttpRequest header is checked

Controller/HelperController.php

@@ -208,6 +208,10 @@ class HelperController
         $admin->setRequest($request);
 
         // alter should be done by using a post method
+        if (!$request->isXmlHttpRequest()) {
+            return new JsonResponse(array('status' => 'KO', 'message' => 'Expected a XmlHttpRequest request header'));
+        }
+
         if ($request->getMethod() != 'POST') {
             return new JsonResponse(array('status' => 'KO', 'message' => 'Expected a POST Request'));
         }

Tests/Controller/HelperControllerTest.php

@@ -162,7 +162,7 @@ class HelperControllerTest extends \PHPUnit_Framework_TestCase
             'field'   => 'enabled',
             'value'   => 1,
             'context' => 'list',
-        ), array(), array(), array(), array(), array('REQUEST_METHOD' => 'POST'));
+        ), array(), array(), array(), array(), array('REQUEST_METHOD' => 'POST', 'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest'));
 
         $pool = new Pool($container, 'title', 'logo');