TDH

Reputation: 567

Referrer URL from Facebook form POST

I'm posting a form from a Facebook application to a form processor on my web server and then redirecting to a thank you page.

I want to ensure nothing else can post to this form so was looking to restrict it to only receive input from the Facebook app. The problem I'm coming up against is when I try to find the $_SERVER['HTTP_REFERER'] it isn't passed from Facebook. The value isn't even null, it's not even shown.

Is there anything else I could possibly use to lock down this form processor?

Cheers

Tom

Upvotes: 0

Views: 1270

Answers (1)

Paul

Reputation: 36319

Not through the referer, nor through anything FB will send you, since FB doesn't send anything except if a user has installed your app.

What you can do is use an antiforgery token, since you're serving the initial form itself. I think this example is pretty decent: http://shiflett.org/articles/cross-site-request-forgeries

Upvotes: 1
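
The anti-forgery token approach suggested in the answer above, sketched in PHP as an added example (not code from the answer or from the linked article). The function names, the session keys and the 15-minute lifetime are assumptions chosen for illustration.

```php
<?php
// Added example: function names, session keys and TOKEN_TTL are assumptions.
const TOKEN_TTL = 900; // seconds a served form stays valid (assumed value)

// Call when rendering the form; embed the returned value in a hidden input.
function issue_form_token(array &$session): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    $session['form_token'] = $token;
    $session['form_token_time'] = time();
    return $token;
}

// Call at the top of the form processor, before using any POST data.
function verify_form_token(array &$session, $submitted): bool
{
    $expected = $session['form_token'] ?? null;
    $issued = $session['form_token_time'] ?? 0;
    // Single use: clear the stored token whether or not the check passes.
    unset($session['form_token'], $session['form_token_time']);

    if (!is_string($expected) || !is_string($submitted)) {
        return false; // no form was served to this session, or field missing
    }
    if (time() - $issued > TOKEN_TTL) {
        return false; // form was served too long ago
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed demo: a plain array stands in for $_SESSION so this runs from the CLI.
$session = [];
$token = issue_form_token($session);
echo '<input type="hidden" name="token" value="' . htmlspecialchars($token) . '">', PHP_EOL;

var_dump(verify_form_token($session, $token)); // token from the served form
var_dump(verify_form_token($session, $token)); // same token replayed

issue_form_token($session);
var_dump(verify_form_token($session, 'forged-value')); // value that was never issued
var_dump(verify_form_token($session, null));           // POST with no token field
```

In the real pages, call `session_start()` first and pass `$_SESSION` and `$_POST['token'] ?? null` to these functions. The check proves the POST came from a form your server rendered for that session; it does not rely on the Referer header.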
