If someone send XHR request from some-client.com
to some-rest.com
, I want get origin(domain name, not client ip) of the request with PHP.
The possible solutions:
$_SERVER['HTTP_ORIGIN']
but I don't know if it is a standard.$_SERVER['HTTP_HOST']
or $_SERVER['SERVER_NAME']
, but some cases this return the real hostname
and not the real domain
.$_SERVER['REMOTE_ADDR']
gives the client IP.Whats is the correct way to get origin of request like a domain name with PHP?
Thanks!
Otherwise, for embedded resources — any elements having attributes with URLs that initiate requests ( <script src> , stylesheets, images, media elements) — the mode for the requests defaults to no-cors ; and since those requests are GET requests, that means, per-spec, browsers send no Origin header for them.
The Origin request header indicates the origin (scheme, hostname, and port) that caused the request. For example, if a user agent needs to request resources included in a page, or fetched by scripts that it executes, then the origin of the page may be included in the request.
To configure a distribution to add custom headers to requests that it sends to your origin, update the origin configuration using one of the following methods: CloudFront console – When you create or update a distribution, specify header names and values in the Origin Custom Headers settings.
env file and convert it to an array of the allowed domains. Then it will get the origin of the request, and if we are not running tests, it will run over the newly created array and check if the origin is on this array.
According to the article HTTP access control (CORS) by MDN:
All requests must be set Origin
header to work correctly under CORS(Cross-origin resource sharing) mechanism.
The "Origin" request header is part of RFC 6454 and describes it as part of CORS mechanism and is compatible with all browsers according to MDN.
Description by MDN:
The
Origin
request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path.Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin
Example by MDN:
So, to get origin of the XHR request with PHP you can use:
$_SERVER['HTTP_ORIGIN']
And, in the case of a direct request, you can combine HTTP_REFERER
and REMOTE_ADDR
like:
if (array_key_exists('HTTP_REFERER', $_SERVER)) {
$origin = $_SERVER['HTTP_REFERER'];
} else {
$origin = $_SERVER['REMOTE_ADDR'];
}
So, the possible final solution is:
if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
$origin = $_SERVER['HTTP_ORIGIN'];
}
else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
$origin = $_SERVER['HTTP_REFERER'];
} else {
$origin = $_SERVER['REMOTE_ADDR'];
}
MDN is Mozilla Developer Network.
Thanks a lot for help @trine, @waseem-bashir, @p0lt10n, and others persons.
in php you can get using $_SERVER['HTTP_REFERER']. if you are using codeigniter then you can get the referrer using $this->agent->is_referral().
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With