How to ensure the HTTP_REQUEST Is coming from the right place?
Posted
by
seatoskyhk
on Stack Overflow
See other posts from Stack Overflow
or by seatoskyhk
Published on 2010-12-30T21:47:44Z
Indexed on
2010/12/30
21:54 UTC
Read the original article
Hit count: 174
I learn that HTTP_REFERER or any HTTP request header can be fake and not reliable.
REMOTE_ADDR is reliable though.
so, how can I ensure the incoming HTTP_REQUEST call is coming from a website that I white-list?
For example, I have a js code that will send from client site to server. (something like a sniper, cross platform). however, I only allow this happen from several websites. Not others. so, even other people copy the code and put onto their website, it won't work.
© Stack Overflow or respective owner