According to the article HTTP access control (CORS)by MDN:

根据MDN的文章HTTP 访问控制 (CORS)：

All requests must be set Originheader to work correctly under CORS(Cross-origin resource sharing) mechanism.

所有请求都必须设置Origin标头才能在 CORS（跨域资源共享）机制下正常工作。

The "Origin" request header is part of RFC 6454and describes it as part of CORS mechanismand is compatible with all browsers according to MDN.

的“产地”请求头是一部分RFC 6454和把它描述为的CORS机构部和与根据MDN所有浏览器兼容。

Description by MDN:

MDN 描述：

The Originrequest header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path.

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

的Origin请求报头指示其中一个取从起源。它不包含任何路径信息，而只包含服务器名称。它与 CORS 请求以及 POST 请求一起发送。它类似于 Referer 标头，但与此标头不同的是，它不公开整个路径。

来源：https: //developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

Example by MDN:

MDN 示例：

So, to get origin of the XHR request with PHP you can use:

因此，要使用 PHP 获取 XHR 请求的来源，您可以使用：

$_SERVER['HTTP_ORIGIN'] 

And, in the case of a direct request, you can combineHTTP_REFERERand REMOTE_ADDRlike:

而且，在直接请求的情况下，您可以组合HTTP_REFERER并REMOTE_ADDR喜欢：

if (array_key_exists('HTTP_REFERER', $_SERVER)) {
    $origin = $_SERVER['HTTP_REFERER'];
} else {
    $origin = $_SERVER['REMOTE_ADDR'];
}

So, the possible final solution is:

因此，可能的最终解决方案是：

if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
    $origin = $_SERVER['HTTP_ORIGIN'];
}
else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
    $origin = $_SERVER['HTTP_REFERER'];
} else {
    $origin = $_SERVER['REMOTE_ADDR'];
}

MDN is Mozilla Developer Network.

MDN 是Mozilla 开发者网络。

Thanks a lot for help @trine, @waseem-bashir, @p0lt10n, and others persons.

非常感谢@trine、@waseem-bashir、@p0lt10n 和其他人的帮助。

in php you can get using $_SERVER['HTTP_REFERER']. if you are using codeigniter then you can get the referrer using $this->agent->is_referral().

在 php 中，您可以使用 $_SERVER['HTTP_REFERER']。如果您使用的是 codeigniter，那么您可以使用 $this->agent->is_referral() 获取引用。

$_SERVER['HTTP_ORIGIN']  // HTTP Origin header
$_SERVER['HTTP_HOST']    // HTTP Host header
$_SERVER['HTTP_REFERER'] // HTTP Referer header
$_SERVER['REMOTE_ADDR']  // HTTP Client's Public IP

Let's discuss above $_SERVERparameters.

让我们讨论上述$_SERVER参数。

First, XHR is at client side and it bounds with a http client. As Origin and Referer headers are not mandatory, a client other than standard web browser will not set that. Next Host header may not be mandatory. If your REST server uses virtual hosts, this header is a must to route requests correctly. But this header doesn't have any detail about the client. Only unique thing for http client is Public IP. But this corresponds to many clients as ISP's use network address translations or proxies.

首先，XHR 在客户端，它与 http 客户端绑定。由于 Origin 和 Referer 标头不是强制性的，因此标准 Web 浏览器以外的客户端不会设置它。Next Host 标头可能不是强制性的。如果您的 REST 服务器使用虚拟主机，则此标头是正确路由请求所必需的。但是这个标题没有关于客户端的任何细节。http 客户端唯一的独特之处是公共 IP。但这对应于许多客户端，因为 ISP 使用网络地址转换或代理。

Since everything is relative and within bounds, CORSlike mechanisms are built on HTTP Origin header. Clients are assumed and advised to be using standard browsers.

由于一切都是相对的并且在界限内，因此类似CORS 的机制建立在 HTTP Origin 标头上。假定并建议客户使用标准浏览器。

In your case, my opinion is it's OK to depend on Origin header. You can implement CORSmechanism if it suits for you.

在您的情况下，我认为可以依赖 Origin 标头。如果适合您，您可以实施CORS机制。