DS Log
In my blog, I delve into the world of programming web technologies, Linux, Unix-like, and graphic design using free tools on Linux.
Tuesday, August 20, 2024
POST requests only from current domain?
Yes. You can configure your server to accept only POST requests from the current domain by setting the appropriate headers and validating the request method on the server side.
Using HTTP Headers
You can use the Access-Control-Allow-Origin and Access-Control-Allow-Methods headers to control cross-origin requests and allowed methods. However, these headers are part of CORS (Cross-Origin Resource Sharing): they tell the browser which other origins and methods may access the resource, and they do not by themselves restrict the request method on the server.
Example (PHP)
<?php
// Define the allowed origin and methods
$allowed_origin = 'https://yourdomain.com';
$allowed_methods = 'POST';

// Set the Access-Control-Allow-Origin header
header('Access-Control-Allow-Origin: ' . $allowed_origin);

// Set the Access-Control-Allow-Methods header
header('Access-Control-Allow-Methods: ' . $allowed_methods);

// Handle OPTIONS request for preflight (CORS)
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    // Send a 200 response and exit, indicating that the actual request can be made
    header('HTTP/1.1 200 OK');
    exit;
}

// Check if the request method is allowed
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('HTTP/1.1 405 Method Not Allowed');
    echo 'Method Not Allowed: Only POST requests are allowed';
    exit;
}

// Process the POST request
// Your code to handle the POST request goes here
echo 'POST request accepted';
?>
Server-Side Logic
On the server side, you should explicitly check both the request method and the origin of the request. If the method is not POST or the origin is not your current domain, return an appropriate response (e.g., 403 Forbidden).
Example (Node.js with Express)
const express = require('express');
const app = express();

app.use((req, res, next) => {
    // Allow only requests from your domain
    const allowedOrigin = 'https://yourdomain.com';
    const origin = req.headers.origin;

    if (origin !== allowedOrigin) {
        return res.status(403).send('Forbidden: Invalid Origin');
    }

    // Allow only POST requests
    if (req.method !== 'POST') {
        return res.status(405).send('Method Not Allowed: Only POST requests are allowed');
    }

    next();
});

app.post('/your-endpoint', (req, res) => {
    // Handle your POST request here
    res.send('POST request accepted');
});

app.listen(3000, () => {
    console.log('Server is running on port 3000');
});
Example (PHP)
<?php
// Define the allowed origin
$allowed_origin = 'https://yourdomain.com';

// Check the request origin. A missing Origin header is rejected too,
// matching the Express example above; otherwise a request that omits
// the header would skip the check entirely.
$origin = $_SERVER['HTTP_ORIGIN'] ?? null;
if ($origin !== $allowed_origin) {
    header('HTTP/1.1 403 Forbidden');
    echo 'Forbidden: Invalid Origin';
    exit;
}

// Check if the request method is POST
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('HTTP/1.1 405 Method Not Allowed');
    echo 'Method Not Allowed: Only POST requests are allowed';
    exit;
}

// Process the POST request
// Your code to handle the POST request goes here
echo 'POST request accepted';
?>
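The origin and method check described under Server-Side Logic, as an added example that is not code from the original post: a dependency-free JavaScript function that returns the status code for a request and is run over edge cases the examples above do not exercise. It goes beyond the post in one respect, falling back to the Referer header when no Origin header is present; that fallback, the function names and the sample requests are assumptions of this example, and https://yourdomain.com is the post's placeholder.

```javascript
// Added example: function names and sample requests are constructed.
const ALLOWED_ORIGIN = 'https://yourdomain.com'; // placeholder used in the post

// Reduce a Referer URL to scheme://host[:port]; null if it does not parse.
function refererOrigin(value) {
  try {
    return new URL(value).origin;
  } catch {
    return null;
  }
}

// Origin is compared exactly as sent. Referer is consulted only when the
// request carries no Origin header at all (an assumption of this example).
function sourceOrigin(headers) {
  if (headers.origin !== undefined) return headers.origin;
  if (headers.referer !== undefined) return refererOrigin(headers.referer);
  return null;
}

// Status to send: 405 for a non-POST method, 403 for an untrusted source,
// 200 otherwise.
function checkRequest(method, headers, allowed = ALLOWED_ORIGIN) {
  if (method !== 'POST') return 405;
  return sourceOrigin(headers) === allowed ? 200 : 403;
}

// Constructed sample requests; header names are lowercase, as in req.headers.
const samples = [
  ['POST', { origin: 'https://yourdomain.com' }],               // same origin
  ['GET', { origin: 'https://yourdomain.com' }],                // wrong method
  ['POST', { origin: 'http://yourdomain.com' }],                // wrong scheme
  ['POST', { origin: 'https://yourdomain.com.other.example' }], // lookalike host
  ['POST', { origin: 'null' }],                                 // opaque origin
  ['POST', {}],                                                 // no Origin, no Referer
  ['POST', { referer: 'https://yourdomain.com/form.html' }],    // Referer fallback
  ['POST', { origin: 'null', referer: 'https://yourdomain.com/form.html' }],
];

function runSamples() {
  return samples.map(([method, headers]) => checkRequest(method, headers));
}

console.log(runSamples().join(' '));
```

Non-browser clients can send any Origin value, so this check defends against cross-site requests made by browsers; it does not authenticate the caller.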