PHP cors validation

Posted by Brian Putt on Stack Overflow See other posts from Stack Overflow or by Brian Putt
Published on 2013-11-03T03:48:10Z Indexed on 2013/11/03 3:53 UTC
Read the original article Hit count: 163

Filed under:
|

I have an endpoint that takes GET requests to collect data from any source that wants to send data.

Is there a way to run some validation that the data is in fact coming from the sources we allowed? They enter the website url that they will be sending the data from and we generate an api key.

The data is sent via a javascript file that they install onto their website.

I have the Access-Control-Allow-Origin set to * as it doesn't necessarily scale to add in hundreds or more websites to that header and that in itself is a security risk as it shows anyone who wants to look at the headers who uses the script.

Currently I am thinking of using the http_origin / origin referrer, but obviously that doesn't do too much

© Stack Overflow or respective owner

Related posts about php

Related posts about cors