Suppose X.com will send a post request to Y.com How Y know that the sender is X? Without the url query string course.
$_SERVER['HTTP_REFERER'] of http://php.net/manual/en/reserved.variables.server.php seems not the answer. The documentation it self says "it cannot really be trusted".
Should it use key & secret key parameter?
Send a secret value across with your request, such as a key which you can check for in your script on X.com
Y.com:
$secret = 'SECRET_KEY';
X.com:
if(!empty(htmlentities($_POST['secret'])) {
if(htmlentities($_POST['secret']) == 'SECRET_KEY') {
//Request came from Y.com
}
}
来源:https://stackoverflow.com/questions/26940454/php-detect-get-the-sender-url-or-server-of-post-request