I have page.php
which receives POST data, it's located in a known position. How can I obtain the url of each page that sends data to page.php
via POST, or how can I block/allow POST data from certain sites?
阻止某些站点的POST数据
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
- 邀请回答
-
2条回答 默认 最新
- drn5375 2013-10-13 11:46关注
You can (although not reliably) get the URL of the referring page via
$_SERVER['HTTP_REFERER']
. There are, however, a number of situations where this will be blank (most commonly when coming from an HTTPS site).The only reliable way to limit which sites can cause a browser to submit data to your script which will be accepted is to implement protection against CSRF and stop all sites that are not your site.
Generate a random token. Store that token in a cookie or session. Store it in a hidden input in the form. When the form is submitted, check if the token in the form matches the token in the cookie/session. If it doesn't, then the form that submitted the data was not on your site.
I use PayPal IPN, so I need to check if POST comes from PayPal
You're trying to solve this problem the wrong way.
Read Paypal's IPN documentation. They provide a means to determine if the event came from them or not.
- PayPal HTTP POSTs your listener an IPN message that notifies you of an event.
- Your listener returns an empty HTTP 200 response to PayPal.
- Your listener HTTP POSTs the complete, unaltered message back to PayPal; the message must contain the same fields (in the same order) as the original message and be encoded in the same way as the original message.
- PayPal sends a single word back - either VERIFIED (if the message matches the original) or INVALID (if the message does not match the original).
解决 无用评论 打赏 举报
悬赏问题
- ¥20 模型在y分布之外的数据上预测能力不好如何解决
- ¥15 processing提取音乐节奏
- ¥15 gg加速器加速游戏时,提示不是x86架构
- ¥15 python按要求编写程序
- ¥15 Python输入字符串转化为列表排序具体见图,严格按照输入
- ¥20 XP系统在重新启动后进不去桌面,一直黑屏。
- ¥15 opencv图像处理,需要四个处理结果图
- ¥15 无线移动边缘计算系统中的系统模型
- ¥15 深度学习中的画图问题
- ¥15 java报错:使用mybatis plus查询一个只返回一条数据的sql,却报错返回了1000多条