[英]How do I deny page requests by REQUEST_METHOD?
I have a page that should only allow 'POST' headers but it currently accepts all. 我有一个页面只应允许使用“ POST”标题,但当前它接受所有页面。
This is the code I already have. 这是我已经拥有的代码。
The echo displays the method used when testing with Postman, no matter what method I use I get a 200 OK result. 回显会显示使用Postman测试时使用的方法,无论我使用哪种方法,都会得到200 OK的结果。
Do I need to add anything further into .htaccess or Apache config? 我是否需要在.htaccess或Apache配置中添加更多内容?
// required headers
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With");
echo ($_SERVER["REQUEST_METHOD"]);
To only allow POST
request, you could add this into the htaccess file : 要仅允许POST
请求,可以将其添加到htaccess文件中:
<LimitExcept POST HEAD>
Order Allow,Deny
Deny from all
</LimitExcept>
Edit 编辑
Or you could do it on the PHP script : 或者,您可以在PHP脚本上执行此操作:
$currentRequestMethod = $_SERVER['REQUEST_METHOD'];
//A PHP array containing the methods that are allowed.
$allowedRequestMethods = array('POST', 'HEAD');
//Check to see if the current request method isn't allowed.
if(!in_array($currentRequestMethod, $allowedRequestMethods)){
//Send a "405 Method Not Allowed" header to the client and kill the script
header($_SERVER["SERVER_PROTOCOL"]." 405 Method Not Allowed", true, 405);
exit;
}
Reference : PHP: Block POST requests 参考: PHP:阻止POST请求
To check via PHP for allowed method and send out an individual error: 要通过PHP检查允许的方法并发出单个错误:
if ($_SERVER["REQUEST_METHOD"] !== 'POST') {
header('HTTP/1.0 403 Forbidden');
echo 'This method is not allowed!';
exit;
}
// Here comes your regular code
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.