如何使用 PHP 获取请求的来源?

The possible solutions:

• Maybe I can use $_SERVER['HTTP_ORIGIN'] but I don't know if it is a standard.
• I see another header like $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'], but some cases this return the real hostname and not the real domain.
• And $_SERVER['REMOTE_ADDR'] gives the client IP.

Whats is the correct way to get origin of request like a domain name with PHP?

Thanks!

According to the article HTTP access control (CORS) by MDN:

All requests must be set Origin header to work correctly under CORS(Cross-origin resource sharing) mechanism.

The "Origin" request header is part of RFC 6454 and describes it as part of CORS mechanism and is compatible with all browsers according to MDN.

Description by MDN:

The Origin request header indicates where a fetch originates from. It doesn't include any path information, but only the server name. It is sent with CORS requests, as well as with POST requests. It is similar to the Referer header, but, unlike this header, it doesn't disclose the whole path.

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

Example by MDN:

So, to get origin of the XHR request with PHP you can use:

$_SERVER['HTTP_ORIGIN'] 

And, in the case of a direct request, you can combine HTTP_REFERER and REMOTE_ADDR like:

if (array_key_exists('HTTP_REFERER', $_SERVER)) {
    $origin = $_SERVER['HTTP_REFERER'];
} else {
    $origin = $_SERVER['REMOTE_ADDR'];
}

So, the possible final solution is:

if (array_key_exists('HTTP_ORIGIN', $_SERVER)) {
    $origin = $_SERVER['HTTP_ORIGIN'];
}
else if (array_key_exists('HTTP_REFERER', $_SERVER)) {
    $origin = $_SERVER['HTTP_REFERER'];
} else {
    $origin = $_SERVER['REMOTE_ADDR'];
}

MDN is Mozilla Developer Network.

Thanks a lot for help @trine, @waseem-bashir, @p0lt10n, and others persons.

这篇关于如何使用 PHP 获取请求的来源?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！