1

Is it possible to stop requests (POSTs) from different origins on Google App Engine? I understand that IP spoofing is "easy", is there another solution, maybe sessions? Suggestions are welcome.

Shog9
Ahmed Nuaman

2 Answers

1

Not entirely sure from your wording if this is the answer you're after, but you can get the referrer page using the following:

    # Get the referring page (None when the header is absent)
    referer = self.request.environ.get('HTTP_REFERER')

You can then use regex to decide whether to process the request further. Source: http://blog.andrewhays.net/how-to-get-the-referer-url-from-google-appeng

Ed Kirk
-1

Assuming this is PHP, just check $_SERVER['REMOTE_ADDR'] for the IP/$_SERVER['REMOTE_HOST'] for host they are connecting from. For your specific question though, I would recommend creating a SESSION variable for when data is submitted it can be checked by the server to verify its source. You can read more on it here.

Hope this helps and DFTBA. :)

Jason S
  • Sorry to give you a down vote. It's not PHP, it's running on Google's App Engine so it would be either Python or Java (Python in this case). Furthermore I specified that spoofing an IP address is easy, so `REMOTE_ADDR` isn't a safe way to determine where a user is coming from: http://stackoverflow.com/questions/4773969/is-it-safe-to-trust-serverremote-addr – Ahmed Nuaman Jun 07 '12 at 19:09
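The two checks suggested in the answers above (the Referer header and a session-bound value submitted with the form), combined into one server-side gate. This is an added example, not code from any of the posters; it assumes Python 3 and a plain WSGI `environ`, and the origin `https://example-app.appspot.com`, `SERVER_KEY` and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values for this sketch, not taken from the thread.
ALLOWED_ORIGINS = {"https://example-app.appspot.com"}  # hypothetical app origin
SERVER_KEY = secrets.token_bytes(32)  # in practice: one stable secret shared by all instances


def issue_form_token(session_id):
    """Value to embed in the form as a hidden field, bound to the visitor's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def source_origin(environ):
    """scheme://host[:port] from Origin, else Referer; None if absent or malformed."""
    raw = environ.get("HTTP_ORIGIN") or environ.get("HTTP_REFERER")
    if not raw:
        return None
    parts = urlsplit(raw)
    if not parts.scheme or not parts.netloc:
        return None
    return "%s://%s" % (parts.scheme.lower(), parts.netloc.lower())


def accept_post(environ, session_id, submitted_token):
    """Return (ok, reason); both checks must pass before the POST is processed."""
    # Exact comparison on the parsed origin. A loose pattern match on the raw
    # header would also accept look-alike hosts that merely contain the name.
    # A missing header is rejected here, which is the strict policy.
    if source_origin(environ) not in ALLOWED_ORIGINS:
        return False, "origin"
    # Headers are client-supplied, so the session-bound token is the real
    # control: another site cannot read it out of the victim's session.
    expected = issue_form_token(session_id).encode()
    supplied = (submitted_token or "").encode()
    if not hmac.compare_digest(expected, supplied):
        return False, "token"
    return True, "ok"
```

The header check only filters requests sent by ordinary browsers; the token comparison is what ties a POST to a form the server itself issued for that session.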