检测从邮递员发送的请求 [英] Detect Request sent from Postman

问题描述

我想请求使用 laravel 验证人们的 ID.由于它非常可信，我想仅在他们通过手机验证时才提供它.
因此，必须防止从邮递员请求中验证 ID.
有没有办法检测一个请求是否来自邮递员?

I want to make a request to verify people's ID using laravel. Since it's very credential, I want to make it available only if they verify it from their mobiles.
So it must be prevented that the IDs are verified from postman request.
Is there a way to detect that a request is sent from postman or not?

任何想法都会非常受欢迎:).
先谢谢了

Any idea would be very appreaciated :).
Thank you before

推荐答案

Postman 倾向于发送一个名为 postman-token 之类的标头，因此如果存在这样的标头，您可以阻止请求.

Postman has a tendency to send a header called something like postman-token so you could block the request if such a header exists.

编辑请注意，可以在邮递员设置中关闭此标题

Edit Note that this header can be turned off in postman settingss

正如@EdwardChew 所写，这不会阻止人们使用 postman/curl/python/任何其他东西.向端点添加身份验证是最好的方法.

As @EdwardChew wrote, this does NOT prevent people from using postman/curl/python/anything else. adding authentication to the endpoint is the best approach.

邮递员请求示例:

GET /api/car HTTP/1.1
Host: localhost:8080
Content-Type: application/json
cache-control: no-cache
Postman-Token: 05f5c492-3697-41b1-be0f-fb9bc4499b96

由于 postman 有代码"功能，如果请求被阻塞，可以简单地将其复制为 curl 命令:

Since postman has the "code" feature, if the request is blocked it is simple to copy it as a curl command:

curl -X GET \
  http://localhost:8080/api/car \
  -H 'Content-Type: application/json' \
  -H 'Postman-Token: e37790ea-a3a5-40cf-ac4c-b80184801f94' \
  -H 'cache-control: no-cache'

并删除带有 Postman-Token 标头的行.我在试验 API 时通常会这样做.

and just deleting the line with the Postman-Token header. I normally do so when experimenting with APIs.

如果你查看 Laravel 文档，有一节是关于授权的:https://laravel.com/docs/5.8/api-authentication这将强制用户添加如下所示的标头令牌:Authorization: Bearer 8fyew8f9yefo7o9yg98gyr 然后您就可以验证调用者

If you look at the Laravel doucmentation, there is a section on authorization: https://laravel.com/docs/5.8/api-authentication which would force users to add a header token something like this: Authorization: Bearer 8fyew8f9yefo7o9yg98gyr and you would then be able to verify the caller

这篇关于检测从邮递员发送的请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！