Hướng dẫn get domain request php
The only secure way of doing thisThe only guaranteed secure method of retrieving the current domain is to store it in a secure location yourself. Show Most frameworks take care of storing the domain for you, so you will want to consult the documentation for your particular framework. If you're not using a framework, consider storing the domain in one of the following places: The following work... but they're not secureHackers can make the following variables output whatever domain they want. This can lead to cache poisoning and barely noticeable phishing attacks.
This gets the domain from the request headers which are open to manipulation by hackers. Same with:
This one can be made better if the Apache setting
usecanonicalname is turned off; in which case In popular systemsBelow is how you can get the current domain in the following frameworks/systems: WordPress
If you're constructing a URL in WordPress, just use home_url or site_url, or any of the other URL functions. Laravel
The Drupal The installer does not yet take care of making this secure (issue #2404259). But in Drupal 8 there is documentation you can you can follow at Trusted Host Settings to secure your Drupal installation after which the following can be used:
Other frameworks Feel free to edit this answer to include how to get the current domain in your favorite framework. When doing so, please include a link to the relevant source code or to anything else that would help me verify that the framework is doing things securely. AddendumExploitation examples:
Additional Caveats and Notes:
A Little Rant: This question received hundreds of thousands of views without a single mention of the security problems at hand! It shouldn't be this way, but just because a Stack Overflow answer is popular, that doesn't mean it is secure. |