How does get-php determine where the request comes from?

For example, if Site A initiates a get request to Site B, how can I determine whether the request is from site? Currently, I know that $ _ SERVER [& #039; HTTP_REFERER & #039;] But $ _ SERVER [& #039; HTTP_REFERER & #039;] can be forged, for example, if Site A initiates a get request to Site B, how can I determine whether the request is from site?
Currently, I know $ _ SERVER ['HTTP _ referer'].
However, $ _ SERVER ['HTTP _ referer'] can be forged, providing a better solution to requests.

Reply content:

For example, if Site A initiates a get request to Site B, how can I determine whether the request is from site?
Currently, I know $ _ SERVER ['HTTP _ referer'].
However, $ _ SERVER ['HTTP _ referer'] can be forged, providing a better solution to requests.

If only B is under its own control, there is no better way...

HTTP_REFERERIt is the only field in the HTTP protocol used to identify the user source...

However, if Station A is under your control, you can make an agreement to confirm that the request actually comes from station...

For example, if two parameters are passed for each request from Station A to Station B...tAf...

If you receive$_GET['f']Equalmd5( $_GET['t'] . 'secret_key' )It is legal...

Continue to process the request according to the original logic... otherwise, discard it directly...

If you do not want to add two parameters... You can also use the content that can be obtained by site AtParticipate in computing...

This is a safe way to mark identities between two sites... commonly known as fingerprints or signatures...

The salt hashing algorithm described above is relatively simple...

If you need more secure transmission... you can also use a more powerful RSA algorithm...

There is also A way... you also need A to stand in your control scope...

For example, the target link ishttp://B.ext/somelink... Need to be convertedhttp://A.ext/go/somelink...

Then send A message to the address of A limited source IP address of Station B when processing such A link in the background of station...

The message content is the user's IP browser and the address to be accessed...

Then, if Site B is followed by such access, it will be deemed as legal. Otherwise, it will be discarded...

This is basically how Grace works...

At present, there is no better method on the server side, because the HTTP header is just a little bit of content, it is very simple, only this field is used to mark the source of the link.

When station A sends messages and receives messages from Station B:
1. Use A string as the key $ key = 'alsfjewoi212' and put it on site A and site B respectively.
2. Connect the data $ data that the site wants to GET with the key and assign the md5 value to $ x = md5 ($ data. $ key );
3. get $ x and $ data to Site B at the same time.

4. determine when B receives the message:
If ($ _ GET ['X']! = Md5 ($ _ GET ['data']. $ key) exit ();

Done.