All geek questions in one place

How can I get the request source with PHP?

If someone sends an XHR request from some-client.com to some-rest.com , I want to get the source ( domain name, not ip client ) of the request from PHP.

Possible solutions:

  • Maybe I can use $_SERVER['HTTP_ORIGIN'] , but I don't know if this is the standard.
  • I see a different header like $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'] , but in some cases this returns the real hostname , not the real domain .
  • And $_SERVER['REMOTE_ADDR'] provides the client IP address.

What is the correct way to get the origin of the request as a domain name with PHP?

Thanks!

+5
source share
4 answers

According to the article HTTP Access Control (CORS) by MDN:

All requests must be set to the Origin header to work correctly under the CORS (Cross-origin) resource sharing mechanism).

The Origin request header is part of RFC 6454 and describes it as part of the CORS mechanism and is compatible with all browsers according to MDN.

MDN Description:

The Origin request header indicates where the fetch comes from. It does not contain any path information, but only the server name. this is sent with CORS requests as well as with POST requests. This is similar to the Referer header, but, unlike this header, it does not expand all the way.

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

MDN example: enter image description here

So, to get the original XHR request with PHP, you can use:

 $_SERVER['HTTP_ORIGIN']

And, in the case of a direct request, you can combine HTTP_REFERER and REMOTE_ADDR as:

 if (array_key_exists('HTTP_REFERER', $_SERVER)) { $origin = $_SERVER['HTTP_REFERER']; } else { $origin = $_SERVER['REMOTE_ADDR']; }

So, a possible final solution:

 if (array_key_exists('HTTP_ORIGIN', $_SERVER)) { $origin = $_SERVER['HTTP_ORIGIN']; } else if (array_key_exists('HTTP_REFERER', $_SERVER)) { $origin = $_SERVER['HTTP_REFERER']; } else { $origin = $_SERVER['REMOTE_ADDR']; }

MDN Mozilla Developer Network .

Thanks so much for helping @trine, @ waseem-bashir, @ p0lt10n and others.

+8
source

in php you can use $ _SERVER ['HTTP_REFERER']. if you use codeigniter then you can get the referrer using $ this-> agent-> is_referral ().

+1
source 
 $_SERVER['HTTP_ORIGIN'] // HTTP Origin header $_SERVER['HTTP_HOST'] // HTTP Host header $_SERVER['HTTP_REFERER'] // HTTP Referer header $_SERVER['REMOTE_ADDR'] // HTTP Client Public IP

We will discuss the $_SERVER options above.

First, XHR is on the client side and is associated with the http client. Since the Origin and Referer headers are optional, a client other than a standard web browser will not install this. The following node header may not be required. If your REST server uses virtual hosts, this header is required to correctly route requests. But there is no customer information in this header. The public IP address is only a unique thing for the http client. But this is consistent with many clients, because ISP uses network address translation or proxies.

Since everything is relative and within boundaries, CORS -like mechanisms are built on the HTTP Origin header. Customers are expected to use standard browsers.

In your case, my opinion is normal to depend on the Origin header. You can implement the CORS engine if it suits you.

+1
source

Try this snippet on your web server.

 <?php if($_SERVER["HTTP_REFERER"]){ $path = $_SERVER["REQUEST_URI"]; echo $_SERVER["HTTP_REFERER"].$path; exit(); } ?> <script> function func1(){ $.post( "<?php echo basename($_SERVER["SCRIPT_FILENAME"], '.php').".php"; ?>", {}, function( data ) { /*--------------------this data variable is your answer, use it wherever you want-----------*/ document.write(data); }); } window.onload=func1(); </script> <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
-1
source

Source: https://habr.com/ru/post/1201208/

More articles:


All Articles