Asked  7 Months ago    Answers:  5   Viewed   36 times

What is the most reliable and secure way to determine what page either sent, or called (via AJAX), the current page? I don't want to use the $_SERVER['HTTP_REFERER'], because of the (lack of) reliability, and I need the page being called to only come from requests originating on my site.

Edit: I am looking to verify that a script that performs a series of actions is being called from a page on my website.

 Answers

85

The REFERER is sent by the client's browser as part of the HTTP protocol, and is therefore unreliable indeed. It might not be there, it might be forged, you just can't trust it if it's for security reasons.

If you want to verify if a request is coming from your site, well you can't, but you can verify the user has been to your site and/or is authenticated. Cookies are sent in AJAX requests so you can rely on that.

Tuesday, June 1, 2021
 
Extrakun
answered 7 Months ago
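
One way to apply the session-cookie approach from the answer above, as an added example that is not part of the original answer: the page that embeds the AJAX call stores a random token in the visitor's session, and the called script accepts the request only if the same token comes back. The function names, the `ajax_token` session key and the `X-Ajax-Token` header are assumptions made for this sketch.

```php
<?php
// Added example (hypothetical names throughout): instead of trusting the
// Referer header, tie the request to a session that a page on the site created.

// Called while rendering a page on the site; the page embeds the returned
// token in its JavaScript and sends it back as the X-Ajax-Token header.
function issue_token(array &$session): string
{
    if (empty($session['ajax_token'])) {
        $session['ajax_token'] = bin2hex(random_bytes(32)); // 256-bit random value
    }
    return $session['ajax_token'];
}

// Called at the top of the script that performs the actions.
// $session is $_SESSION (after session_start()), $server is $_SERVER.
function request_is_from_site(array $session, array $server): bool
{
    $expected = $session['ajax_token'] ?? '';
    $supplied = $server['HTTP_X_AJAX_TOKEN'] ?? '';

    // Reject when no page on the site has issued a token for this session,
    // and compare in constant time so the token cannot be guessed byte by byte.
    return $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied);
}

// Constructed demonstration with plain arrays standing in for $_SESSION and $_SERVER.
$session = [];
$token   = issue_token($session);

// Token issued by the page and echoed back by the AJAX call.
var_dump(request_is_from_site($session, ['HTTP_X_AJAX_TOKEN' => $token]));
// Session cookie present but no token header, e.g. a form posted from another site.
var_dump(request_is_from_site($session, []));
// Token replayed without the matching session cookie.
var_dump(request_is_from_site([], ['HTTP_X_AJAX_TOKEN' => $token]));
// Referer-style spoofing does not help: an arbitrary header value is rejected.
var_dump(request_is_from_site($session, ['HTTP_X_AJAX_TOKEN' => 'forged']));
```
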
60

Not all browsers will send the HTTP Referer header - you can't rely on it being sent. For instance, there are plenty of privacy addons which will disable sending of the header, or always send something specific rather than the real referring URL.

A proxy between you and the server could also choose not to pass on this header.

Also, of course, if you've gone straight to the URL in question, there is no referring URL to report.

Saturday, May 29, 2021
 
davidb
answered 7 Months ago
37

If a user visits your site directly, there is no referrer. It's also possible they have set it up so their browser never sends the referrer.

According to this answer, browsers do not necessarily send a referrer when doing a meta refresh.

Friday, July 30, 2021
 
jedwards
answered 5 Months ago
59

I ran into the same issue and found the following solution in the documentation: http://symfony.com/doc/current/book/testing.html#your-first-functional-test

To run your functional tests, the WebTestCase class bootstraps the kernel of your application. In most cases, this happens automatically. However, if your kernel is in a non-standard directory, you'll need to modify your phpunit.xml.dist file to set the KERNEL_DIR environment variable to the directory of your kernel:

<phpunit>
    <!-- ... -->
    <php>
        <server name="KERNEL_DIR" value="/path/to/your/app/" />
    </php>
    <!-- ... -->
</phpunit>

So check your phpunit.xml.dist configuration file and try to add the absolute path to your app-directory.

Hope it helps.

Friday, July 30, 2021
 
Bálint Molnár
answered 5 Months ago
88

Silly mistake on my part... simply forgot to add phpunit as a dependency in the project. For anyone else that gets this error, to composer.json add:

"require-dev": {
    "phpunit/phpunit": "3.7.*"
},

And then run:

composer update

That solved the problem.

Friday, September 17, 2021
 
Samir Sabri
answered 3 Months ago