Question

我正在将此代码用于我的api应用程序。

//send.php
$url = 'http://example.com/api/';
$ch = curl_init($url);
$jsonData = array(
    'username' => 'MyUsername',
    'password' => 'MyPassword'
);
$jsonDataEncoded = json_encode($jsonData);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);

//Set the content type to application/json
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json')); 

//Execute the request
$result = curl_exec($ch);

我只能允许POST方法请求，并检查设置为application / json的内容类型。如何仅使用HTTPS允许访问API？

   //receive.php  
        if(strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') != 0){
            throw new Exception('Request method must be POST!');
        }

        $contentType = isset($_SERVER["CONTENT_TYPE"]) ? trim($_SERVER["CONTENT_TYPE"]) : '';
        if(strcasecmp($contentType, 'application/json') != 0){
            throw new Exception('Content type must be: application/json');
        }

        $content = trim(file_get_contents("php://input"));
        $decoded = json_decode($content, true);
        if(!is_array($decoded)){
            throw new Exception('Received content contained invalid JSON!');
        }

谢谢

Answer 1

谢谢

将此代码添加到receive.php中。

我有send.php（在没有https连接的服务器上）和receive.php（在具有https连接的服务器上）

结果是：“ https”

相反，我需要检查send.php的连接

   $https = !empty($_SERVER['HTTPS']) && strcasecmp($_SERVER['HTTPS'], 'on') === 0 ||
            !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
                strcasecmp($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') === 0;

    echo ($https) ? 'https://' : 'http://';

只允许使用HTTPS访问API

1 个答案: