PHP HTTP Referrer
Solution 1
You spelled Referer correctly. It should be:
$_SERVER['HTTP_REFERER']
Solution 2
$_SERVER['HTTP_REFERER']
with a single R, try var_dump($_SERVER) for more info.
Solution 3
This works for me pretty well:
https://stackoverflow.com/a/17958676/2635701
<form action="http://www.yourdomain.com/subscribe"
method="POST"
onsubmit=
"document.getElementById('www.yourdomain.com.referrer').value=window.location;" >
<!-- hidden input for field starts with a domain registered by you
just so that it's unlikely to clash with anything else on the page -->
<input type="hidden" id="www.yourdomain.com.referrer" name="referrer"/>
your email: <input name="email" type="text"/>
... rest of form ...
<input type="submit" value="Subscribe"/>
</form>
Solution 4
You are right that the referrer is easy to spoof, however there is a better solution. Read the ipn documentation in which they mention validation mechanisms. Never trust the user.
aaronfarr
Updated on January 16, 2020Comments
-
aaronfarr over 4 years
I have a page which accepts POSTs from a remote site. I would like to detect the domain that these POSTs are coming from. I realize that it can be spoofed but it is better than nothing. I have tried accessing the HTTP_REFERER variable but it just returns null.
The page accepts POSTs from sources like PayPal (instant payment notifications) and other payment gateways.
How can I get the referring call?
-
aaronfarr over 13 yearsThanks, that was a typo in the question. Still not returning anything in the code. Strange!
-
AbiusX over 13 yearsReferrer is the english word, but in PHP its Referer.
-
AbiusX over 13 yearsIt might simply be null. Not all browsers send referers
-
aaronfarr over 13 yearsThanks. Have implemented the IPNs properly. But I would like to use the same page to filter other IPNs other than paypal. So using the referer seemed like a logical way of doing it. Any suggestions how this could be done?
-
Dũng Trần Trung almost 8 yearsWhat if javascript is disabled?
-
Jordan over 5 yearsFun Fact: The misspelling of referrer originated in the original proposal by computer scientist Phillip Hallam-Baker to incorporate the field into the HTTP specification.[4] The misspelling was set in stone by the time of its incorporation into the Request for Comments standards document RFC 1945; document co-author Roy Fielding has remarked that neither "referrer" nor the misspelling "referer" were recognized by the standard Unix spell checker of the period. Source: [en.wikipedia.org/wiki/HTTP_referer]