
Unirest is the best library I've come across for making HTTP requests from Node. It's aiming at being a multiplatform framework, so learning how it works on Node will serve you well if you need to use an HTTP client on Ruby, PHP, Java, Python, Objective C, .Net or Windows 8 as well. As far as I can tell the unirest libraries are mostly backed by existing HTTP clients (e.g. on Java, the Apache HTTP client, on Node, Mikeal's Request library) - Unirest just puts a nicer API on top.

Here are a couple of code examples for Node.js:

var unirest = require('unirest')

// GET a resource
unirest.get('http://httpbin.org/get')
  .query({'foo': 'bar'})
  .query({'stack': 'overflow'})
  .end(function(res) {
    if (res.error) {
      console.log('GET error', res.error)
    } else {
      console.log('GET response', res.body)
    }
  })

// POST a form with an attached file
unirest.post('http://httpbin.org/post')
  .field('foo', 'bar')
  .field('stack', 'overflow')
  .attach('myfile', 'examples.js')
  .end(function(res) {
    if (res.error) {
      console.log('POST error', res.error)
    } else {
      console.log('POST response', res.body)
    }
  })

You can jump straight to the Node docs here

javascript - HTTP GET Request in Node.js Express - Stack Overflow


Is it possible to transform GET http://website/action1?param=1 into POST http://website/action2, with param being part of post request, using .htaccess?

No, this isn't possible. A GET and a POST are entirely different requests, with different request headers and different responses. The rewrite engine only affects the URI and can't change the actual request. You're going to have to rely on JavaScript on the browser's end.

Specifically, in a GET request the parameters are in the HTTP message header (in the URL), but in a POST the parameters are in the message body. mod_rewrite can't touch the message body.

php - Rewrite HTTP GET request to POST in Apache using htaccess - Stac...


php://input is a read-only stream that allows you to read raw data from the request body

which means you can only read body data, not headers or the raw request. If you're running under Apache, you can use the function apache_request_headers to get all the headers. To get the "request" line (the first line of the request), I suppose you need to concat the strings you can get from the $_SERVER variable.

If you're running under Apache
if you're running as an Apache module

Really? So there isn't a way to get the raw request?

apache - PHP Get the Raw HTTP Request (php://input not working) - Stac...


Generally, this header should do the job. Having the domain name in this header

header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN'] . "");
// use domain name instead of $_SERVER['HTTP_ORIGIN'] above

but if you want to check for more info, use something like the following snippet

$allowed = array('domain1', 'domain2', 'domain3'); 

if(isset($_SERVER['HTTP_ORIGIN']) && in_array($_SERVER['HTTP_ORIGIN'], $allowed)){
    // SELECT credentials for this user account from database
    if(isset($_GET['api_key'], $_GET['app_secret'])
        && $_GET['api_key'] == 'api_key_from_db' 
        && $_GET['app_secret'] == 'app_secret_from_db'
    ){
        // all fine
    }else{
        // not allowed
    }
}else{
    // not allowed
}

If the users have to pass more data to your service, use POST instead of GET

If the $_SERVER['REMOTE_ADDR'] variable returns me the Client_IP and not the website address, how am I supposed to authenticate the website??

@m_junior $_SERVER['REMOTE_ADDR'] returns the IP address of the server under which the current script is executing.

$allowed
$allowed = array('domain1' => '1.2.3.4', 'domain2' => '5.6.7.8', 'domain3' => '2.4.6.8');
gethostbyname('domain')

I am not sure anymore what happened when I commented like a year ago. Important is the array $allowed and that makes it a good answer.

apache - How to get http request origin in php - Stack Overflow
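
Added example (not part of the original answers): an exact-match Origin allowlist in PHP that echoes back only listed origins and compares credentials with hash_equals() rather than ==. The origins, function names and sample values are assumptions made for illustration; the entries are full origins (scheme, host and port), which is the form browsers send in the Origin header.

```php
<?php
// Added example, not from the original answers. Origins are constructed samples.
const ALLOWED_ORIGINS = [
    'https://app.example.com',
    'https://admin.example.com:8443',
];

/**
 * Headers to send for a request with the given Origin value; empty array
 * when the origin is absent, opaque ("null") or not on the allowlist.
 */
function corsHeadersFor(?string $origin, array $allowed = ALLOWED_ORIGINS): array
{
    if ($origin === null || $origin === '' || $origin === 'null') {
        return [];
    }
    // Strict whole-string match: no substring or prefix matching, so a
    // look-alike such as "https://app.example.com.other.test" is rejected.
    if (!in_array($origin, $allowed, true)) {
        return [];
    }
    return [
        'Access-Control-Allow-Origin' => $origin, // only ever a listed value
        'Vary' => 'Origin',                        // caches must key on Origin
    ];
}

/** Constant-time, type-safe comparison of a presented credential. */
function credentialMatches(string $stored, $presented): bool
{
    return is_string($presented) && hash_equals($stored, $presented);
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: listed origin, look-alike host, wrong scheme, no header.
    $samples = ['https://app.example.com', 'https://app.example.com.other.test',
                'http://app.example.com', null];
    foreach ($samples as $origin) {
        echo var_export($origin, true), ' => ', json_encode(corsHeadersFor($origin)), PHP_EOL;
    }
    // Numeric-looking strings that a loose == comparison treats as equal.
    var_dump(credentialMatches('0e123', '0e456'));
} else {
    foreach (corsHeadersFor($_SERVER['HTTP_ORIGIN'] ?? null) as $name => $value) {
        header("$name: $value");
    }
}
```

The Origin header is supplied by the client, so the allowlist decides which browser origins may read the response; the credential check is what authenticates the caller.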


I think what you mean is that you want to access the "Origin" header in the request headers (as opposed to setting it in the response headers).

For this the easiest way is to access the built in getallheaders() function - which is an alias for apache_request_headers() - N.B. this is assuming you are using php as a module.

This returns an array so the Origin header should be available like this:

$request_headers = getallheaders();
$origin = $request_headers['Origin'];

If you are using php via something like fastcgi then I believe it would be made available in the environment - usually capitalised and prefixed by "HTTP_" so it should be $_SERVER['HTTP_ORIGIN'].

Hope that helps anyone else looking for this :)

getallheaders(); doesn't exist in php-fpm or php-fastcgi

Yes, this is why I mentioned that it was assuming you were using php as a module (mod_php) and that otherwise it's available as an environment variable.

apache - How to get http request origin in php - Stack Overflow


Generally, this header should do the job. Having the domain name in this header

header("Access-Control-Allow-Origin: " . $_SERVER['HTTP_ORIGIN'] . "");
// use domain name instead of $_SERVER['HTTP_ORIGIN'] above

but if you want to check for more info, use something like the following snippet

$allowed = array('domain1', 'domain2', 'domain3');
if(isset($_SERVER['HTTP_ORIGIN']) && in_array($_SERVER['HTTP_ORIGIN'], $allowed)){
    // SELECT credentials for this user account from database
    if(isset($_GET['api_key']) && $_GET['api_key'] == 'api_key_from_db' && isset($_GET['app_secret']) && $_GET['app_secret'] == 'app_secret_from_db'){
        // all fine ...
    }else{
        // not allowed
    }
}else{
    // ... not allowed
}

If the users have to pass more data to your service, use POST instead of GET

If the $_SERVER['REMOTE_ADDR'] variable returns me the Client_IP and not the website address, how am I supposed to authenticate the website??

@m_junior $_SERVER['REMOTE_ADDR'] returns the IP address of the server under which the current script is executing.

$allowed
$allowed = array('domain1' => '1.2.3.4', 'domain2' => '5.6.7.8', 'domain3' => '2.4.6.8');
gethostbyname('domain')

Does it mean that if a website has a JavaScript that makes a POST to my API, once I receive the request the $_SERVER['REMOTE_ADDR'] WILL be filled with the website IP and not the client IP??? Sorry for the ignorance level!

@m_junior No worries, feel free to ask :) If you need the IP of the host (where the website is hosted) use gethostbyname('www.your-client.com') but if you need the IP of the computer from which the request came, use $_SERVER['REMOTE_ADDR'].

apache - How to get http request origin in php - Stack Overflow


I think what you mean is that you want to access the "Origin" header in the request headers (as opposed to setting it in the response headers).

For this the easiest way is to access the built in getallheaders() function - which is an alias for apache_request_headers() - N.B. this is assuming you are using php as a module.

This returns an array so the Origin header should be available like this:

$request_headers = getallheaders();
$origin = $request_headers['Origin'];

If you are using php via something like fastcgi then I believe it would be made available in the environment - usually capitalised and prefixed by "HTTP_" so it should be $_SERVER['HTTP_ORIGIN'].

Hope that helps anyone else looking for this :)

apache - How to get http request origin in php - Stack Overflow


Use $_SERVER['HTTP_REFERER']. It is the address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature.

For further restrictions you can perform the following. example.com should be changed to your domain.

add name="Access-Control-Allow-Origin" value="http://www.example.com"
Header add Access-Control-Allow-Origin "http://www.example.com"

The referrer and the origin are two different things.

Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

As @DanFromGermany touched on, ORIGIN and REFERER are two different things - HTTP_ORIGIN is the better in this case than HTTP_REFERER; if HTTP_ORIGIN is missing then you may wish to fall back to using HTTP_REFERER, but I would advise against this for security (it's easier to change the referer than the origin, as origin is listed as a "forbidden" header and browsers should prevent any changes to origin from taking place).

apache - How to get http request origin in php - Stack Overflow


Laravel 5: in request method controller:

$origin = request()->headers->get('origin');

apache - How to get http request origin in php - Stack Overflow


By this method: $_SERVER['REMOTE_ADDR'] you can know the IP address

Client IP or Website IP, because I need to know the website IP.

apache - How to get http request origin in php - Stack Overflow


Using a var_dump you can see all that the request has to offer.

var_dump($_REQUEST);

Do a var_dump on the server global as well. It contains a lot of useful information.

var_dump($_SERVER);

apache - How to get http request origin in php - Stack Overflow
