php 中 HTTP_REFERER 的其他选项是什么?
我想知道 $_SERVER['HTTP_REFERER'] 是否有任何选项/工作环境。因为“HTTP_REFERER”不可信。 那么还有什么其他方法可以知道请求来自哪个 url?
情况是这样的—— http://abc.com/one.html 将有一个 iframe,其 src=http://xyz.com/giv.php?param=1。 xyz.com 上的 giv.php 如何知道请求来自 http://abc.com/one.html?
I want to know is there any option/work sround for $_SERVER['HTTP_REFERER']. Because 'HTTP_REFERER' can not be trusted.
Then What is other way to know that from which url the request has came from?.
Here is the situation -
http:// abc.com/one.htmlwill have an iframe having src=http:// xyz.com/giv.php?param=1.
How giv.php on xyz.com will know that request is coming from http:// abc.com/one.html?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
抱歉,没有其他办法了。欢迎来到互联网
Sorry, there is no other way. Welcome to the Internet
这看起来可能是一个 XY 问题。
如果 X 是
那么推荐人就“足够好”了。
要伪造引用者,用户必须参与。未经授权的网站无法告诉用户的浏览器发送虚假引荐来源网址。
This looks like it might be an X-Y problem.
If X is
Then the referer is "good enough".
For the referer to be forged, the user has to participate. The unauthorised website can't tell the user's browser to send a false referer.
如果您确实想要信任,那么:
即使如此,该令牌也可能会被用户泄露(或者故意或通过安装在其系统上的恶意软件)。
If you really want trust, then:
Even then, the token can be leaked by the user (either intentionally or through malware installed on their system).