Is there any way (in a Java Servlet) to determine whether an HTTP POST or GET request is the result of a submission from an HTML form or otherwise?
You could possibly do it with a hidden form field + a cookie.
What you could do is set up a nonce, and have that as the hidden field of the form. You would then apply that to a cookie that is sent along with the form. The cookie should be linked to the hidden field, and should also contain some kind of nonce. Finally, when the form is submitted, you can check the cookie and hidden field, and see if they are correct. If you want, link it up to the IP address and user agent of the original request for the form. You could even spice all this up with some JavaScript. Make the hidden field blank to start with, but then use some Ajax to request the hidden field nonce from the server.
This won’t be perfect, but that should get you 80%-90% of the way there. Someone with decent HTTP skills could still spoof it though.
It raises the question, however: why do you want to differentiate the request at that level?
Or are you really just trying to figure out whether or not the user hit the ‘submit’ button? (If that is the case, then the name/value pair of the submit button should be in the request entity/query string… depending on the form method.)
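The hidden-field-plus-cookie check described in the answer above, as an added example that is not code from the original post. The class and method names (`FormNonce`, `newNonce`, `cookieFor`, `verify`) are hypothetical, and linking the cookie to the nonce with an HMAC over the nonce and User-Agent is one assumed way to do it; it uses only the JDK, so the servlet would call `newNonce`/`cookieFor` when rendering the form and `verify` in `doPost`.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example: FormNonce and its methods are hypothetical names, not from the original answer.
public class FormNonce {
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKeySpec key;

    public FormNonce(byte[] serverSecret) {
        this.key = new SecretKeySpec(serverSecret, "HmacSHA256");
    }

    /** Random value to place in the hidden form field when the form is rendered. */
    public String newNonce() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Cookie value tied to the hidden-field nonce and the requesting User-Agent. */
    public String cookieFor(String nonce, String userAgent) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        mac.update(nonce.getBytes(StandardCharsets.UTF_8));
        mac.update((byte) 0); // separator so the nonce/User-Agent boundary cannot shift
        mac.update(String.valueOf(userAgent).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(mac.doFinal());
    }

    /** True only if the hidden field and cookie belong together; missing values fail. */
    public boolean verify(String hiddenField, String cookie, String userAgent) throws Exception {
        if (hiddenField == null || cookie == null) return false;
        byte[] expected = cookieFor(hiddenField, userAgent).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, cookie.getBytes(StandardCharsets.UTF_8)); // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = new byte[32];
        RNG.nextBytes(secret); // constructed per-run key; a server would keep one stable secret
        FormNonce fn = new FormNonce(secret);
        String ua = "Mozilla/5.0 (constructed sample)";
        String nonce = fn.newNonce();
        String cookie = fn.cookieFor(nonce, ua);
        System.out.println(fn.verify(nonce, cookie, ua));         // form fetched, then submitted
        System.out.println(fn.verify(fn.newNonce(), cookie, ua)); // hidden field not issued with this cookie
        System.out.println(fn.verify(nonce, null, ua));           // request arrived without the cookie
    }
}
```

This sketch does not track which nonces have already been used, so a pair that verified once will verify again until the server secret changes.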