stackoom
  简体   繁体   中英

how can I make sure that the origin of the request to my server is legit?

 原文  2019-01-02 18:27:18       php/ apache/ web/ server/ cors

Question

I am developing a web application where I have to make sure the provided origin of the request trough http headers is correct?

let's say I am expecting a request from example.com, the only way to check request origin(as domain) is trough provided request headers as far as I know, I know that I can control the access to the server trough "Allow-Access-Control-Headers:"example.com"" header but what is preventing example2.com putting a origin header that says the request is coming from example.com?

1 answers

solution1
 1  2019-01-02 18:38:59

unfortunately you cant, as it can be faked easily. if you application requires top notch security then i suggest you look into AUTH tokens

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How do I make dates legit/safe before passing it to strtotime()? How I can get origin of request with PHP? How can I make sure my PHP session variables are there when I need them? How can I make sure that my PHP api can only be used by a specific javascript page 500 Internal Server Error on Ajax request. Not sure the origin of the problem How can I make sure my deleted_at field gets set to NULL on save in Laravel? How can I make sure only my phonegapp ajax posts will be executed by php How can I make sure my button stays even after it has reset the page How to make sure only my app can insert data into the DB? How can I make this sql request work in my php?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM