I get a POST from a payment gateway over HTTPS to verify a payment, etc. I need to verify that the POST was in fact from the domain.
I'm trying to verify that the referrer is from a certain list of domains, but in my req.headers I don't see a referrer|referer option:
{ 'x-real-ip': '123.34.45.176',
'x-forwarded-for': '123.34.45.176',
host: 'my.foo.com',
'x-nginx-proxy': 'true',
connection: 'close',
'user-agent': 'Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)',
accept: '*/*',
'content-length': '441',
'content-type': 'application/x-www-form-urlencoded' }
Why are my headers empty of fields such as referer, origin, etc.?
This is inside a post:
app.post('/payment/notify/', function (req, res) {
  req.headers; // the object shown above
});
Not all requests have a referer header.
If the last page a browser was on is a secure server (https) then it does not transmit a referer to you.
Also, if your user types your address into their address bar, you don't get a referer either.
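Since a server-to-server notification may carry no Referer at all, and any client can set that header to whatever it likes, here is an added example (not part of the original question or answer) of authenticating the POST without it. It assumes the gateway publishes its source IPs and signs the raw body with a shared secret; the `x-gateway-signature` header name, the IPs and the secret are constructed placeholders, so substitute whatever your gateway documents.

```javascript
const crypto = require('crypto');

// Constructed placeholders (documentation IP range, demo secret).
const GATEWAY_IPS = new Set(['203.0.113.10', '203.0.113.11']);
const SHARED_SECRET = 'constructed-demo-secret';

// Hypothetical scheme: hex HMAC-SHA256 over the exact raw request body.
function signBody(rawBody, secret) {
  return crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

function verifyNotification(headers, rawBody) {
  // x-real-ip is only meaningful because our own nginx proxy sets it;
  // never trust it on a server that clients can reach directly.
  if (!GATEWAY_IPS.has(headers['x-real-ip'])) {
    return { ok: false, reason: 'ip-not-allowed' };
  }

  // Reject missing or malformed signatures before comparing, so both
  // buffers passed to timingSafeEqual are always 32 bytes long.
  const sent = headers['x-gateway-signature'];
  if (typeof sent !== 'string' || !/^[0-9a-f]{64}$/i.test(sent)) {
    return { ok: false, reason: 'bad-signature-format' };
  }

  const expected = Buffer.from(signBody(rawBody, SHARED_SECRET), 'hex');
  const received = Buffer.from(sent, 'hex');
  if (!crypto.timingSafeEqual(expected, received)) {
    return { ok: false, reason: 'signature-mismatch' };
  }
  return { ok: true, reason: 'verified' };
}

// Constructed notification, shaped like the headers in the question.
const sampleBody = 'payment_id=1001&status=COMPLETE&amount=10.00';
const sampleHeaders = {
  'x-real-ip': '203.0.113.10',
  'content-type': 'application/x-www-form-urlencoded',
  'x-gateway-signature': signBody(sampleBody, SHARED_SECRET),
};
console.log(verifyNotification(sampleHeaders, sampleBody));
```

In the Express handler, pass `req.headers` and the raw request bytes as received, before any form parsing re-encodes them, and only act on the payment when `ok` is true.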