How to know which website ask for an external image served by php?
-
05-07-2021 - |
Question
I have a PHP file serving images. It ask for an "api key" (to limit the access) and a string. Then it generate a PNG image and return it.
To access the image:
<img src="http://www.myserver.com/mypage.php?api=APIKEY&text=some-text-here" alt=""/>
This image will be called from third party's website.
I need to know if the website related to the api key is the same as the one asking for the image.
I can grab the referrer but I know sometimes it can be empty.
How can I verify this information? Is there any better way of doing this?
Thanks for your help.
Solution
Unfortunately, the Referer
header is the only thing you can use for this. Yes, it can be unreliable, and is definitely easily spoofed. But, it will provide some protection for you.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow