检测从邮递员发送的请求 [英] Detect Request sent from Postman
问题描述
我想请求使用 laravel 验证人们的 ID.由于它非常可信,我想仅在他们通过手机验证时才提供它.
因此,必须防止从邮递员请求中验证 ID.
有没有办法检测一个请求是否来自邮递员?
I want to make a request to verify people's ID using laravel. Since it's very credential, I want to make it available only if they verify it from their mobiles.
So it must be prevented that the IDs are verified from postman request.
Is there a way to detect that a request is sent from postman or not?
任何想法都会非常受欢迎:).
先谢谢了
Any idea would be very appreaciated :).
Thank you before
推荐答案
Postman 倾向于发送一个名为 postman-token
之类的标头,因此如果存在这样的标头,您可以阻止请求.
Postman has a tendency to send a header called something like postman-token
so you could block the request if such a header exists.
编辑请注意,可以在邮递员设置中关闭此标题
Edit Note that this header can be turned off in postman settingss
正如@EdwardChew 所写,这不会阻止人们使用 postman/curl/python/任何其他东西.向端点添加身份验证是最好的方法.
As @EdwardChew wrote, this does NOT prevent people from using postman/curl/python/anything else. adding authentication to the endpoint is the best approach.
邮递员请求示例:
GET /api/car HTTP/1.1
Host: localhost:8080
Content-Type: application/json
cache-control: no-cache
Postman-Token: 05f5c492-3697-41b1-be0f-fb9bc4499b96
由于 postman 有代码"功能,如果请求被阻塞,可以简单地将其复制为 curl 命令:
Since postman has the "code" feature, if the request is blocked it is simple to copy it as a curl command:
curl -X GET \
http://localhost:8080/api/car \
-H 'Content-Type: application/json' \
-H 'Postman-Token: e37790ea-a3a5-40cf-ac4c-b80184801f94' \
-H 'cache-control: no-cache'
并删除带有 Postman-Token
标头的行.我在试验 API 时通常会这样做.
and just deleting the line with the Postman-Token
header. I normally do so when experimenting with APIs.
如果你查看 Laravel 文档,有一节是关于授权的:https://laravel.com/docs/5.8/api-authentication这将强制用户添加如下所示的标头令牌:Authorization: Bearer 8fyew8f9yefo7o9yg98gyr
然后您就可以验证调用者
If you look at the Laravel doucmentation, there is a section on authorization: https://laravel.com/docs/5.8/api-authentication
which would force users to add a header token something like this: Authorization: Bearer 8fyew8f9yefo7o9yg98gyr
and you would then be able to verify the caller
这篇关于检测从邮递员发送的请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!