2
if ($_SERVER['HTTP_REFERER'] == "????")

What would the HTTP_REFERER be if this page was reached by a jQuery $.post request?

Norse
  • 1
    If you are doing this for security purposes, please don't. The referer header can be easily spoofed by the client. – F21 Mar 14 '12 at 04:41
  • @phpdev "Actually yes, according to the OWASP CSRF Prevention Cheat Sheet in most cases checking the referer is enough to patch a CSRF vulnerability." – Norse Mar 14 '12 at 04:42

1 Answer

4

Try

if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest')

Note that not all servers provide this variable.

You can also read this: Detecting Ajax in PHP and making sure request was from my own website

Muhannad A.Alhariri
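For a `$.post` issued by a page on your own site, the browser normally sends that page's URL as the Referer. The added example below (not code from the question or the answer) compares the parsed Referer host instead of the whole string and combines it with the X-Requested-With test. `EXPECTED_HOST`, the function names and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not code from the question or answer.
// EXPECTED_HOST is an assumed placeholder for the site's own host name.
const EXPECTED_HOST = 'www.example.com';

// True only when the Referer header parses to exactly our own host.
// A missing or unparsable header fails closed.
function referer_is_own_site(array $server, string $expectedHost): bool
{
    if (empty($server['HTTP_REFERER'])) {
        return false;
    }
    $host = parse_url($server['HTTP_REFERER'], PHP_URL_HOST);
    // Exact host comparison: a substring test would also accept
    // www.example.com.other.test or a URL carrying the name in its query.
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// True when the client sent the X-Requested-With header that jQuery adds
// to same-origin Ajax calls. isset() avoids a notice when it is absent.
function is_xhr(array $server): bool
{
    return isset($server['HTTP_X_REQUESTED_WITH'])
        && strtolower($server['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest';
}

// Constructed $_SERVER samples (not captured traffic).
$samples = [
    'own page, $.post' => [
        'HTTP_REFERER' => 'https://www.example.com/form.php',
        'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest',
    ],
    'lookalike host' => [
        'HTTP_REFERER' => 'https://www.example.com.other.test/form.php',
        'HTTP_X_REQUESTED_WITH' => 'XMLHttpRequest',
    ],
    'name in query only' => [
        'HTTP_REFERER' => 'https://other.test/?u=www.example.com',
    ],
    'no referer' => [],
];

foreach ($samples as $label => $server) {
    $ok = referer_is_own_site($server, EXPECTED_HOST) && is_xhr($server);
    printf("%-20s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

Both headers are supplied by the client, so this only filters requests made by an ordinary browser from another site; a non-browser client can send any value it likes.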