Akil Demir

Reputation: 160

How can I make sure that the origin of the request to my server is legit?

I am developing a web application where I have to make sure the provided origin of the request through HTTP headers is correct.

Let's say I am expecting a request from example.com. The only way to check the request origin (as a domain) is through the provided request headers, as far as I know. I know that I can control access to the server through the "Allow-Access-Control-Headers:"example.com"" header, but what is preventing example2.com from putting an origin header that says the request is coming from example.com?

Upvotes: 0

Views: 558

Answers (1)

Sourabh Swarnkar

Reputation: 131

Unfortunately you can't, as it can be faked easily. If your application requires top-notch security, then I suggest you look into AUTH tokens.

Upvotes: 1
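An added example, not part of the original answer: a server-side check that authenticates a request by a signed bearer token and treats the `Origin` header as unauthenticated text. The token format, `SERVER_KEY`, and the function names `issue_token`, `verify_token` and `authorize` are assumptions made for this sketch, built only on the Python standard library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); load a random secret from server-side config.
SERVER_KEY = b"demo-key-constructed-for-this-example"


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _sign(payload):
    return _b64(hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest())


def issue_token(client_id, ttl=300, now=None):
    """Return 'payload.signature'; call only after the client has logged in."""
    issued = time.time() if now is None else now
    claims = {"sub": client_id, "exp": int(issued) + ttl}
    payload = _b64(json.dumps(claims).encode())
    return payload + "." + _sign(payload)


def verify_token(token, now=None):
    """Return the client id for a valid, unexpired token, else None."""
    payload, sep, sig = token.partition(".")
    if not sep:
        return None
    # Constant-time comparison, done before the payload is parsed at all.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    padded = payload + "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    current = time.time() if now is None else now
    return claims["sub"] if claims["exp"] > current else None


def authorize(headers):
    """Decide on the bearer token only; Origin is whatever the client sent."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer":
        return None
    return verify_token(token)
```

A request carrying only `Origin: https://example.com` gets `None` from `authorize`, while a request with a valid token is accepted whatever its `Origin` says.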
