Determining Referer in PHP


Problem description

What is the most reliable and secure way to determine what page either sent, or called (via AJAX), the current page? I don't want to use the $_SERVER['HTTP_REFERER'], because of the (lack of) reliability, and I need the page being called to only come from requests originating on my site.

I am looking to verify that a script that performs a series of actions is being called from a page on my website.

Recommended answer

The REFERER is sent by the client's browser as part of the HTTP protocol, and is therefore unreliable indeed. It might not be there, it might be forged, you just can't trust it if it's for security reasons.

If you want to verify if a request is coming from your site, well you can't, but you can verify the user has been to your site and/or is authenticated. Cookies are sent in AJAX requests so you can rely on that.
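
Added example, not part of the original answer: one way to apply the cookie-based check it describes, using a PHP session plus a per-session token that the page hands to its own JavaScript and the AJAX endpoint compares. The function names, the `X-Page-Token` header and the `user_id` session key are hypothetical; the code assumes PHP 7.3+ and a site served over HTTPS. It shows that the session previously loaded a page on the site, not that a given request was sent by that page.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; this is illustrative code, not from the answer.

function start_secure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'httponly' => true,
            'secure'   => true,      // assumption: site is HTTPS-only
            'samesite' => 'Strict',  // browser omits the cookie on cross-site requests
        ]);
        session_start();
    }
}

// Call while rendering a page on your site and embed the return value in it,
// so the page's JavaScript can send it back with each AJAX call.
function issue_page_token(): string
{
    start_secure_session();
    if (empty($_SESSION['page_token'])) {
        $_SESSION['page_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['page_token'];
}

// Call at the top of the AJAX endpoint before performing any action.
function require_site_session(): void
{
    start_secure_session();
    $expected = $_SESSION['page_token'] ?? '';
    $sent     = $_SERVER['HTTP_X_PAGE_TOKEN'] ?? '';   // hypothetical header name

    // The Referer header is deliberately not consulted.
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Forbidden');
    }
    // If the action requires a logged-in user, check that too
    // ('user_id' is an assumed key set by your login code).
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        exit('Login required');
    }
}
```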
