1

Hi guys and girls so I'm building a little app, but I got stuck a but in some fundamental understandings.

  1. I need to know how do you check for the URL from where the ajax call came from on the server side (PHP)... I've found this and not 100% if I can use this in some way ?

    $_SERVER["HTTP_HOST"] . $_SERVER["HTTP_REFERER"]

  2. And lastly if someone uses a phone (having said the project is built in Phonegap in near future) what would the server response then look like in terms of the URL return?

Can anyone please help me with these questions, would be appreciated!

Debflav
  • 1,131
  • 7
  • 17
anonymous
  • 85
  • 1
  • 11
  • what do you intend to do with the information? – RST Aug 29 '14 at 08:21
  • I don't know other solution than the `$_SERVER["HTTP_REFERER"]`. But, not all browsers set this value (btw can be change). So you can't be trust it at 100%. – Debflav Aug 29 '14 at 08:21
  • That's good to know - i basically just need to authenticate that the ajax call is made from the legitimate domain. I don't want people copy and pasting the source in a html file and then putting it on their server to obtain data and interact with with. – anonymous Aug 29 '14 at 08:29

1 Answers1

-1

yes you can get this response in an ajax call you can pass it into a variable in a javascript file and use it.

$_SERVER["HTTP_HOST"] . $_SERVER["HTTP_REFERER"]

the response in the phone would be depending on your hostname

Robert Dean Pantino
  • 284
  • 1
  • 3
  • 12
  • In terms of what you mentioned with a hostname would this be the phone itself? E.g. If you compile a website in phonegap built using html/css/javascript it essentially makes a native app correct ? if so when you access the server request through the native app using ajax what would PHP spew out if I checked for the host it came from? – anonymous Aug 29 '14 at 08:31
  • @anonymous :The limit of corvoda: [Referer header is not set in web requests](http://stackoverflow.com/a/25131028/3361444) – Debflav Aug 29 '14 at 08:43
  • Excellent Thanks to all guys appreciate it! All and all I would assume the $_SERVER[] response will probably be Null or Undefined. Which is good cause then I can check for a username and password sent probably. – anonymous Aug 29 '14 at 08:48
  • you can test it out, you can use alert or use weinre to debug it. – Robert Dean Pantino Aug 29 '14 at 08:52
  • @RobertDeanPantino : Pleace, since your answer is accepted try to update it with some informations which really answer to the question (Referer not ever set, seems that cordova don't manage this instead of iOs/Android) – Debflav Aug 29 '14 at 08:57