Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How I can get origin of request with PHP?

If someone send XHR request from some-client.com to some-rest.com, I want get origin(domain name, not client ip) of the request with PHP.

The possible solutions:

  • Maybe I can use $_SERVER['HTTP_ORIGIN'] but I don't know if it is a standard.
  • I see another header like $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'], but some cases this return the real hostname and not the real domain.
  • And $_SERVER['REMOTE_ADDR'] gives the client IP.

Whats is the correct way to get origin of request like a domain name with PHP?

Thanks!

like image 881
Jorge Olaf Avatar asked Dec 26 '16 03:12

Jorge Olaf


People also ask

DOES GET request have origin?

Otherwise, for embedded resources — any elements having attributes with URLs that initiate requests ( <script src> , stylesheets, images, media elements) — the mode for the requests defaults to no-cors ; and since those requests are GET requests, that means, per-spec, browsers send no Origin header for them.

What is origin in HTTP request?

The Origin request header indicates the origin (scheme, hostname, and port) that caused the request. For example, if a user agent needs to request resources included in a page, or fetched by scripts that it executes, then the origin of the page may be included in the request.

Can I add Origin header to request?

To configure a distribution to add custom headers to requests that it sends to your origin, update the origin configuration using one of the following methods: CloudFront console – When you create or update a distribution, specify header names and values in the Origin Custom Headers settings.

How do I get laravel origin?

env file and convert it to an array of the allowed domains. Then it will get the origin of the request, and if we are not running tests, it will run over the newly created array and check if the origin is on this array.


2 Answers

According to the article HTTP access control (CORS) by MDN:

All requests must be set Origin header to work correctly under CORS(Cross-origin resource sharing) mechanism.

The "Origin" request header is part of RFC 6454 and describes it as part of CORS mechanism and is compatible with all browsers according to MDN.

Description by MDN:

The Origin request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path.

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

Example by MDN: enter image description here

So, to get origin of the XHR request with PHP you can use:

$_SERVER['HTTP_ORIGIN'] 

And, in the case of a direct request, you can combine HTTP_REFERER and REMOTE_ADDR like:

if (array_key_exists('HTTP_REFERER', $_SERVER)) {
    $origin = $_SERVER['HTTP_REFERER'];
} else {
    $origin = $_SERVER['REMOTE_ADDR'];
}

So, the possible final solution is:

if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
    $origin = $_SERVER['HTTP_ORIGIN'];
}
else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
    $origin = $_SERVER['HTTP_REFERER'];
} else {
    $origin = $_SERVER['REMOTE_ADDR'];
}

MDN is Mozilla Developer Network.

Thanks a lot for help @trine, @waseem-bashir, @p0lt10n, and others persons.

like image 119
Jorge Olaf Avatar answered Oct 09 '22 10:10

Jorge Olaf


in php you can get using $_SERVER['HTTP_REFERER']. if you are using codeigniter then you can get the referrer using $this->agent->is_referral().

like image 37
Waseem Bashir Avatar answered Oct 09 '22 08:10

Waseem Bashir