How I can get origin of request with PHP?

Question

If someone send XHR request from some-client.com to some-rest.com, I want get origin(domain name, not client ip) of the request wi

Answer 1

$_SERVER['HTTP_ORIGIN']  // HTTP Origin header
$_SERVER['HTTP_HOST']    // HTTP Host header
$_SERVER['HTTP_REFERER'] // HTTP Referer header
$_SERVER['REMOTE_ADDR']  // HTTP Client's Public IP

Let's discuss above $_SERVER parameters.

First, XHR is at client side and it bounds with a http client. As Origin and Referer headers are not mandatory, a client other than standard web browser will not set that. Next Host header may not be mandatory. If your REST server uses virtual hosts, this header is a must to route requests correctly. But this header doesn't have any detail about the client. Only unique thing for http client is Public IP. But this corresponds to many clients as ISP's use network address translations or proxies.

Since everything is relative and within bounds, CORS like mechanisms are built on HTTP Origin header. Clients are assumed and advised to be using standard browsers.

In your case, my opinion is it's OK to depend on Origin header. You can implement CORS mechanism if it suits for you.