Answer the question
In order to leave comments, you need to log in
K
K
Kirill Ozeretskovsky2019-12-12 21:44:29
Kirill Ozeretskovsky, 2019-12-12 21:44:29
If the server has a check for an HTTP referer, will this be an additional (or main) measure for distributing access to the API?
I want to distribute some data from my server, so I want to create an API, but replace the Token with a check from which resource the "client" requested - HTTP Referer. Is it possible to fake all this - in the sense of a request from a server that does not have the right to take data? The main idea is that service clients could be created even on GIT page hosting, like GitHub Pages or GitLab, in the first one you will have to write a token to the repository (I don’t know about the second one) and, it turns out, risk being used by attackers.
2 answer(s)
@xmoonlight
Or see here
@firedragon
X
xmoonlight, 2019-12-12 @xmoonlight
100% - you can fake it.
Don't even think about doing it.
The main idea is that service clients could be created even on GIT page hosts, like GitHub Pages or GitLab,fetch(), iframe, etc.
Or see here
V
Vladimir Korotenko, 2019-12-12 @firedragon
This is protection from honest people
curl --referer http://example.com/bot.html http://www.cyberciti.biz/
Similar questions
B
M
U
K
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question