PHP HTTP 引用
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5307070/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP HTTP Referrer
提问by aaronfarr
I have a page which accepts POSTs from a remote site. I would like to detect the domain that these POSTs are coming from. I realize that it can be spoofed but it is better than nothing. I have tried accessing the HTTP_REFERER variable but it just returns null.
我有一个接受来自远程站点的 POST 的页面。我想检测这些 POST 来自的域。我意识到它可以被欺骗,但总比没有好。我曾尝试访问 HTTP_REFERER 变量,但它只返回 null。
The page accepts POSTs from sources like PayPal (instant payment notifications) and other payment gateways.
该页面接受来自 PayPal(即时支付通知)和其他支付网关等来源的 POST。
How can I get the referring call?
我怎样才能接到转介电话?
回答by Matthew Flaschen
You spelled Referer correctly. It should be:
您正确拼写了 Referer。它应该是:
$_SERVER['HTTP_REFERER']
回答by AbiusX
$_SERVER['HTTP_REFERER']
with a single R, try var_dump($_SERVER) for more info.
使用单个 R,尝试 var_dump($_SERVER) 以获取更多信息。
回答by Mike Lewis
You are right that the referrer is easy to spoof, however there is a better solution. Read the ipn documentationin which they mention validation mechanisms. Never trust the user.
推荐人很容易被欺骗是对的,但是有一个更好的解决方案。阅读他们提到验证机制的ipn 文档。永远不要相信用户。
回答by Maxim Lavrov
This works for me pretty well:
这对我很有效:
https://stackoverflow.com/a/17958676/2635701
https://stackoverflow.com/a/17958676/2635701
<form action="http://www.yourdomain.com/subscribe"
method="POST"
onsubmit=
"document.getElementById('www.yourdomain.com.referrer').value=window.location;" >
<!-- hidden input for field starts with a domain registered by you
just so that it's unlikely to clash with anything else on the page -->
<input type="hidden" id="www.yourdomain.com.referrer" name="referrer"/>
your email: <input name="email" type="text"/>
... rest of form ...
<input type="submit" value="Subscribe"/>
</form>
