Is it possible to only allow access to an HTML page from a specific URL?
Question
For example;
Users go to buy a product on a website, they go to PayPal checkout and post checkout PayPal sends them to success.html
Is it possible to ONLY allow access from PayPal.com for success.html, And for anyone who tries to type in index/success.html directly, setup a redirect.
1 answers
solution1
0 2015-10-11 12:11:49
You can check the session when the user returns to the success.html page. If you can't cross reference a payment for this session, you could then display an error or redirect the user.
When you use paypal as a payment provider they will normally send a seperate request to a different URL on your site verifying the payment which you can then cross reference when the user hits success.html to ensure that the user really had paid.
If you don't have this set up in your paypal settings, there is nothing to stop a user, or some device crawling after the user, from hitting the page.
Using the referer HTTP header is unreliable as it can be spoofed and many privacy-related browser extensions will either remove it or set it to an unrelated URL.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.