PHP CORS validation
Posted by Brian Putt on Stack Overflow
Published on 2013-11-03T03:48:10Z
I have an endpoint that takes GET requests to collect data from any source that wants to send data.
Is there a way to run some validation that the data is in fact coming from the sources we allowed? They enter the website URL that they will be sending the data from and we generate an API key.
The data is sent via a JavaScript file that they install onto their website.
I have the Access-Control-Allow-Origin set to * as it doesn't necessarily scale to add in hundreds or more websites to that header, and that in itself is a security risk as it shows anyone who wants to look at the headers who uses the script.
Currently I am thinking of using the http_origin / origin referrer, but obviously that doesn't do too much.
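
One way to tie the API key to the registered website without listing every customer in the header, as an added example that is not part of the original post: look up the URL registered for the key, compare it with the request's Origin header, and echo back only that one origin. The `api_key` parameter name, the in-memory key store and the sample values are constructed assumptions, and it assumes the installed script sends its GET with fetch or XMLHttpRequest so the browser attaches an Origin header.

```php
<?php
// Added example. The key store, the api_key parameter name and the sample
// values below are constructed assumptions, not taken from the original post.

/** Normalise a URL or Origin value to scheme://host[:port], or null if invalid. */
function normalize_origin(string $value): ?string
{
    $p = parse_url(trim($value));
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return null; // also rejects the literal Origin value "null"
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    $default = $scheme === 'https' ? 443 : 80;
    $port = (isset($p['port']) && $p['port'] !== $default) ? ':' . $p['port'] : '';
    return $scheme . '://' . strtolower($p['host']) . $port;
}

/** Return the origin to echo in Access-Control-Allow-Origin, or null to reject. */
function allowed_origin(array $keys, string $apiKey, ?string $originHeader): ?string
{
    if ($originHeader === null || !isset($keys[$apiKey])) {
        return null;
    }
    $sent = normalize_origin($originHeader);
    $registered = normalize_origin($keys[$apiKey]);
    return ($sent !== null && $sent === $registered) ? $sent : null;
}

// Constructed sample data: API key => website URL entered at signup.
$keys = ['k_demo_123' => 'https://shop.example.com/'];

$apiKey = $_GET['api_key'] ?? '';
$origin = allowed_origin($keys, is_string($apiKey) ? $apiKey : '', $_SERVER['HTTP_ORIGIN'] ?? null);

header('Vary: Origin'); // caches must not reuse a response across origins
if ($origin === null) {
    http_response_code(403);
    exit;
}
header('Access-Control-Allow-Origin: ' . $origin);
// ... record the submitted data for $apiKey here ...
http_response_code(204);
```

Only browsers are bound to send a truthful Origin header; a non-browser client can send any value, so this check restricts browser traffic to the registered site and keeps other customers out of the response headers, but it does not authenticate the sender.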