I have a script that makes a POST request to my website from other websites (different domains) and I need to know if it’s possible to get what that other domain is.
Like: helloworld.com uses my script and it executes a POST request with mywebsite.com. How does mywebsite.com know that the request is from helloworld.com?
I have tried with $_SERVER['REMOTE_HOST'] but that’s not working.
You need to inspect the HTTP referrer.
In PHP this would be $_SERVER['HTTP_REFERER'];
In JavaScript, this would be document.referrer.
Note that it can be inaccurate and is easy to spoof, so its value should be taken with a pinch of salt.
To provide a little bit more detail on how you can do this reliably (albeit with the cooperation of the remote server):
1. secret be an arbitrary string (abc123).
2. key be a random string which is unique to each request (e.g. the current time)
3. token by md5(secret + key).
4. key and token (but not secret) in the POST request.
5. md5(secret + key) === token

Because no-one knows the secret, you can guarantee that the request originated from the remote server. Of course, it’s then possible for someone to request the form from the remote server, steal the key and token, and then forward the request to yourself…
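An added example (not part of the original answer) of the token check described above, written in PHP. It swaps md5(secret + key) for HMAC-SHA256 with a constant-time comparison, and adds a timestamp window and a single-use check to narrow the replay case the answer mentions. The function names, the `origin` field, the 300-second window and the demo secret are assumptions.

```php
<?php
// Added example: names, fields, secret and time window are illustrative assumptions.
const MAX_AGE_SECONDS = 300; // assumed freshness window for a key

// Remote server (e.g. helloworld.com): build the fields to include in the POST.
function make_fields(string $secret, string $origin, ?int $now = null): array
{
    // key = timestamp plus random nonce, so it is unique per request
    $key = ($now ?? time()) . ':' . bin2hex(random_bytes(16));
    // HMAC-SHA256 replaces md5(secret + key); including $origin binds the token to one site
    $token = hash_hmac('sha256', $origin . '|' . $key, $secret);
    return ['origin' => $origin, 'key' => $key, 'token' => $token];
}

// Your server (mywebsite.com): verify the fields with the secret shared with that origin.
function verify_fields(array $post, array $secrets, array &$seen, ?int $now = null): bool
{
    $origin = $post['origin'] ?? '';
    $key    = $post['key'] ?? '';
    $token  = $post['token'] ?? '';
    if (!is_string($origin) || !is_string($key) || !is_string($token)) return false;
    if (!isset($secrets[$origin])) return false;           // unknown site
    $expected = hash_hmac('sha256', $origin . '|' . $key, $secrets[$origin]);
    if (!hash_equals($expected, $token)) return false;     // constant-time compare
    [$ts] = explode(':', $key, 2);
    if (!ctype_digit($ts)) return false;                    // malformed key
    if (abs(($now ?? time()) - (int)$ts) > MAX_AGE_SECONDS) return false; // stale key
    if (isset($seen[$origin . '|' . $key])) return false;  // key already used
    $seen[$origin . '|' . $key] = true; // in production: a shared store with expiry
    return true;
}

// Constructed demo values.
$secrets = ['helloworld.com' => 'abc123-constructed-demo-secret'];
$seen = [];

$fields = make_fields($secrets['helloworld.com'], 'helloworld.com');
var_dump(verify_fields($fields, $secrets, $seen)); // first delivery of a fresh pair
var_dump(verify_fields($fields, $secrets, $seen)); // same key and token sent again

$relabelled = make_fields($secrets['helloworld.com'], 'helloworld.com');
$relabelled['origin'] = 'other.example';           // token was not minted for this origin
var_dump(verify_fields($relabelled, $secrets, $seen));
```

A valid key and token pair that a third party obtains and submits first still verifies, so the check shows that the remote server minted the token, not who delivered the request.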