0

on my webspace I start a jQuery get command to a file on my own cloud, like:

$.get("https://mycloud.de/file.php", function(response) {}

This works fine. But I would like to disallow the following:

  • open directly the file with the url
  • curl command to this file

Access to this file should be only possible from my webspace mydomain.de and via $.post / $.get

Trombone0904
  • 4,132
  • 8
  • 51
  • 104
  • What have you tried so far? Where are you stuck? How is this even related to PHP? – Nico Haase Jun 18 '21 at 09:07
  • Nothing, because I have no idea how I can realize it – Trombone0904 Jun 18 '21 at 09:08
  • FYI the duplicates above only apply to Ajax requests. You can't use those techniques to stop the URL being accessed by other routes such as curl, direct access in the browser etc. Depending on the precise circumstances you may be looking for a solution involving authentication, or csrf tokens, something like that. Essentially you can't rely on the nature of the request to protect you, because actually the server has no idea how the request was generated (CORS is a browser-side tech). You need something embedded in the request which the server can verify came from a trusted/allowed user – ADyson Jun 18 '21 at 09:15

0 Answers0