All geek questions in one place

How to get the start of an HTTP request in php

I want to create an API and authenticate users to an API; I have provided the KEY, App-id, and App-Secret APIs. The problem is that I want to know where the http request comes from, so that I can know if the Host making the que request is registered by the Host. For example: www.someone.com has app-id: 0001, app-secret: 1200 and api-key: 458. If these credentials are used to execute request A, I want to know if the requestor is really www.someone.com

+5
source share
4 answers

Use $_SERVER['HTTP_REFERER'] . This is the address of the page (if any) that linked to the user agent on the current page. This is set by the user agent. Not all user agents will install this, but some provide the ability to modify HTTP_REFERER as a function.

For further restrictions, you can do the following. example.com should be changed to your domain.

IIS is given below in web configuration :

 add name="Access-Control-Allow-Origin" value="http://www.example.com"

Apache listed below in httpd.conf / apache.conf

 Header add Access-Control-Allow-Origin "http://www.example.com"
0
source

Typically, this header should do the job. The presence of the domain name in this header

 header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN'] . ""); // use domain name instead of $_SERVER['HTTP_ORIGIN'] above

but if you want to check additional information, use something like the following snippet

 $allowed = array('domain1', 'domain2', 'domain3'); if(isset($_SERVER['HTTP_ORIGIN']) && in_array($_SERVER['HTTP_ORIGIN'], $allowed)){ // SELECT credentials for this user account from database if(isset($_GET['api_key'], $_GET['app_secret']) && $_GET['api_key'] == 'api_key_from_db' && $_GET['app_secret'] == 'app_secret_from_db' ){ // all fine }else{ // not allowed } }else{ // not allowed }

If users need to transfer more data to your service, use POST instead of GET

+12
source

I think you mean that you want to access the "Origin" header in the request headers (as opposed to setting it in the response headers).

For this, the easiest way is to access the built-in getallheaders () function, which is an alias for apache_request_headers () - NB it is assumed that you are using php as a module.

This returns an array, so the Origin header should be accessible as follows:

 $request_headers = getallheaders(); $origin = $request_headers['Origin'];

If you use php through something like fastcgi, then I believe that it will be available in the environment - usually with a capital letter and with the prefix "HTTP_", so it should be $_SERVER['HTTP_ORIGIN'] .

Hope this helps someone else find this :)

+2
source

Using var_dump , you can see everything request offer.

 var_dump($_REQUEST);

Make a var_dump in the global server . It contains a lot of useful information.

 var_dump($_SERVER);
+1
source

Source: https://habr.com/ru/post/1201207/

More articles:


All Articles