Håkon Hægland

Reputation: 40718

How to verify the origin of a POST in PHP using HTTPS

How can I ensure that an HTTPS POST is from a given domain? Consider the following setup: a webpage on the frontend server, for example https://www.frontend.com/index.php, sends an HTTPS POST redirect to a webpage on a backend server, for example https://www.backend.com/index.php.

Now the backend wants to verify that the POST is really from https://www.frontend.com/index.php.

(If the POST is not from the frontend server, it should be rejected, showing an error message.) How can this be done in PHP? (As seen from the URLs above, I am using SSL.)

Upvotes: 0

Views: 189

Answers (1)

deceze

Reputation: 521995

A common technique here would be to use request signing. In short, it uses a shared secret (a "password") to hash certain parts of the request to create an authentication token. For example, see here.

Specifically for SSL though, you may also use client-side certificates, in which the client sending the request proves his identity. SSL enables mutual authentication; it doesn't have to be one-sided as it typically is.

Upvotes: 1
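
The request signing described in the answer above, as an added example that is not part of the original answer: the frontend attaches an HMAC-SHA256 token computed over the posted fields, and the backend recomputes it before accepting the request. The function names, the `ts` and `sig` field names, the five-minute window and the sample secret are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Assumption: both servers load the same random secret from configuration.
const MAX_AGE_SECONDS = 300; // constructed freshness window

/** Canonical form: keys sorted, RFC 3986 encoded, so both sides hash identical bytes. */
function canonicalize(array $fields): string
{
    ksort($fields, SORT_STRING);
    return http_build_query($fields, '', '&', PHP_QUERY_RFC3986);
}

/** Frontend: add a timestamp and an HMAC-SHA256 token to the fields to be posted. */
function sign_fields(array $fields, string $secret, ?int $now = null): array
{
    unset($fields['sig']);
    $fields['ts'] = (string) ($now ?? time());
    $fields['sig'] = hash_hmac('sha256', canonicalize($fields), $secret);
    return $fields;
}

/** Backend: accept only a fresh request whose token matches the received fields. */
function verify_fields(array $post, string $secret, ?int $now = null): bool
{
    $sig = $post['sig'] ?? null;
    $ts  = $post['ts'] ?? null;
    if (!is_string($sig) || !is_string($ts) || !ctype_digit($ts)) {
        return false; // missing or malformed token fields
    }
    if (abs(($now ?? time()) - (int) $ts) > MAX_AGE_SECONDS) {
        return false; // outside the freshness window
    }
    unset($post['sig']);
    $expected = hash_hmac('sha256', canonicalize($post), $secret);
    return hash_equals($expected, $sig); // constant-time comparison
}

// Constructed sample run with fixed clock values.
$secret = 'constructed-demo-secret-replace-with-random-bytes';
$signed = sign_fields(['order_id' => '1234', 'amount' => '19.99'], $secret, 1700000000);
var_dump(verify_fields($signed, $secret, 1700000060));   // untouched request
$tampered = ['amount' => '0.01'] + $signed;
var_dump(verify_fields($tampered, $secret, 1700000060)); // field changed after signing
var_dump(verify_fields($signed, $secret, 1700009999));   // presented after the window
```

On the backend, `verify_fields($_POST, $secret)` would run before any other processing. The timestamp only bounds how long a captured request stays valid; rejecting a repeat inside that window would need a stored one-time value, which this sketch does not include.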
