检测从 Postman 发送的请求 [英] Detect Request sent from Postman
问题描述
我想请求使用 laravel 验证人们的 ID.由于它非常具有凭据,因此我只想在他们通过手机验证时才可使用它.
因此,必须防止从邮递员请求中验证 ID.
有没有办法检测到邮递员是否发送了请求?
I want to make a request to verify people's ID using laravel. Since it's very credential, I want to make it available only if they verify it from their mobiles.
So it must be prevented that the IDs are verified from postman request.
Is there a way to detect that a request is sent from postman or not?
任何想法都会非常感激:).
之前谢谢你
Any idea would be very appreaciated :).
Thank you before
推荐答案
Postman 倾向于发送名为 postman-token
之类的标头,因此如果存在这样的标头,您可以阻止请求.
Postman has a tendency to send a header called something like postman-token
so you could block the request if such a header exists.
编辑注意这个header可以在postman设置中关闭
Edit Note that this header can be turned off in postman settingss
正如@EdwardChew 所写,这并不妨碍人们使用 postman/curl/python/其他任何东西.向端点添加身份验证是最好的方法.
As @EdwardChew wrote, this does NOT prevent people from using postman/curl/python/anything else. adding authentication to the endpoint is the best approach.
邮递员请求示例:
GET /api/car HTTP/1.1
Host: localhost:8080
Content-Type: application/json
cache-control: no-cache
Postman-Token: 05f5c492-3697-41b1-be0f-fb9bc4499b96
由于邮递员具有代码"功能,如果请求被阻止,很容易将其复制为 curl 命令:
Since postman has the "code" feature, if the request is blocked it is simple to copy it as a curl command:
curl -X GET
http://localhost:8080/api/car
-H 'Content-Type: application/json'
-H 'Postman-Token: e37790ea-a3a5-40cf-ac4c-b80184801f94'
-H 'cache-control: no-cache'
并删除带有 Postman-Token
标头的行.我通常在试验 API 时这样做.
and just deleting the line with the Postman-Token
header. I normally do so when experimenting with APIs.
如果你查看 Laravel 文档,有一节关于授权:https://laravel.com/docs/5.8/api-authentication这将强制用户添加类似这样的标头令牌:Authorization: Bearer 8fyew8f9yefo7o9yg98gyr
然后您就可以验证调用者
If you look at the Laravel doucmentation, there is a section on authorization: https://laravel.com/docs/5.8/api-authentication
which would force users to add a header token something like this: Authorization: Bearer 8fyew8f9yefo7o9yg98gyr
and you would then be able to verify the caller
这篇关于检测从 Postman 发送的请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!