How to ensure the HTTP_REQUEST Is coming from the right place?

Posted by seatoskyhk on Stack Overflow See other posts from Stack Overflow or by seatoskyhk
Published on 2010-12-30T21:47:44Z Indexed on 2010/12/30 21:54 UTC
Read the original article Hit count: 172

Filed under:
|
|

I learn that HTTP_REFERER or any HTTP request header can be fake and not reliable.

REMOTE_ADDR is reliable though.

so, how can I ensure the incoming HTTP_REQUEST call is coming from a website that I white-list?

For example, I have a js code that will send from client site to server. (something like a sniper, cross platform). however, I only allow this happen from several websites. Not others. so, even other people copy the code and put onto their website, it won't work.

© Stack Overflow or respective owner

Related posts about php

Related posts about security