Home/ Questions/Q 891495
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T13:54:02+00:00

I’m trying to write some code that various sites will embed, calling a script

  • 0

I’m trying to write some code that various sites will embed, calling a script on my server. That script streams the binary data for an image and spits it into an image tag.

However, I’m trying to control who has access to that script. So if I hand out my embed code to, say, yourwebsite.com, I want to make sure the client requesting this script got it from “yourwebsite.com”.

Any suggestions?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Have you tried $_SERVER['HTTP_REFERER']?

    This will work most of the time but please take the fllowing into account:

    The REFERER is sent by the client’s browser as part of the HTTP protocol, and is therefore unreliable indeed. It might not be there, it might be forged, you just can’t trust it if it’s for security reasons.

    If you want to verify if a request is coming from your site, well you can’t, but you can verify the user has been to your site and/or is authenticated. Cookies are sent in AJAX requests so you can rely on that.

    via @Seldaek

    • 0