PHP HTTP 引荐来源网址

发布于 2024-10-22 03:08:54 字数 164 浏览 2 评论 0原文

我有一个接受来自远程站点的 POST 的页面。我想检测这些帖子来自的域。我意识到它可以被欺骗,但总比没有好。 我尝试访问 HTTP_REFERER 变量,但它只返回 null。

该页面接受来自 PayPal(即时付款通知)和其他支付网关等来源的 POST。

我怎样才能接到推荐电话?

I have a page which accepts POSTs from a remote site. I would like to detect the domain that these POSTs are coming from. I realize that it can be spoofed but it is better than nothing.
I have tried accessing the HTTP_REFERER variable but it just returns null.

The page accepts POSTs from sources like PayPal (instant payment notifications) and other payment gateways.

How can I get the referring call?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

叶落知秋 2024-10-29 03:08:54

您拼写的 Referer 正确。应该是:

$_SERVER['HTTP_REFERER']

You spelled Referer correctly. It should be:

$_SERVER['HTTP_REFERER']
一影成城 2024-10-29 03:08:54
$_SERVER['HTTP_REFERER'] 

使用单个 R,请尝试 var_dump($_SERVER) 以获取更多信息。

$_SERVER['HTTP_REFERER'] 

with a single R, try var_dump($_SERVER) for more info.

大姐,你呐 2024-10-29 03:08:54

您是对的,推荐人很容易被欺骗,但是有更好的解决方案。阅读 ipn 文档,其中他们提到了验证机制。永远不要相信用户。

You are right that the referrer is easy to spoof, however there is a better solution. Read the ipn documentation in which they mention validation mechanisms. Never trust the user.

秋叶绚丽 2024-10-29 03:08:54

这对我来说非常有效:

https://stackoverflow.com/a/17958676/2635701

<form action="http://www.yourdomain.com/subscribe" 
   method="POST" 
   onsubmit=
      "document.getElementById('www.yourdomain.com.referrer').value=window.location;" >
    <!-- hidden input for field starts with a domain registered by you 
    just so that it's unlikely to clash with anything else on the page -->
    <input type="hidden" id="www.yourdomain.com.referrer" name="referrer"/>
    your email: <input name="email" type="text"/>
    ... rest of form ...
    <input type="submit" value="Subscribe"/>
</form>

This works for me pretty well:

https://stackoverflow.com/a/17958676/2635701

<form action="http://www.yourdomain.com/subscribe" 
   method="POST" 
   onsubmit=
      "document.getElementById('www.yourdomain.com.referrer').value=window.location;" >
    <!-- hidden input for field starts with a domain registered by you 
    just so that it's unlikely to clash with anything else on the page -->
    <input type="hidden" id="www.yourdomain.com.referrer" name="referrer"/>
    your email: <input name="email" type="text"/>
    ... rest of form ...
    <input type="submit" value="Subscribe"/>
</form>
~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文