PHP, how do you check the page you asked?



  • I need to make sure that the request to the violin comes from my server. I found it. $_SERVER['REQUEST_URI']but it only shows a relative path to the file itself. (/order/order.php)♪ I'm using a violin through ajax, maybe that's the problem?

    How do I get a full path or make sure my server's asking?



  • There's a heading Referrer that shows where the request came from. Brauser may not send this information, and then you can't find out.

    If the browser sent this information, it's in the $SERVER.

    Information from http://php.net/manual/ru/reserved.variables.server.php :

    Page address (if any) that led the user ' s browser to That page. This heading is established by a web-based browser The user. Not all browsers set it and some as the contents of the change headline HTTP_REFERER. In short, he can't really be trusted.

    If you want to protect yourself from counterfeiting requests, you can add an undetected token known only to your server to every request. In this way, if a request comes without a suitable token, it will be denied access, which is commonly used for protection from CSRF, which leads to the ability of the hacker to carry out a mass of different actions on behalf of other registered visitors on an unprepared website.




Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2