所以我们创建了一个api,我们想确保它是通过https安全连接调用的,我们如何从api知道它是安全地提供服务。例如,如果来自另一个域请求我们的API如下:
https://ourdomain.com/api.php?appId=dev4&apiKey=XXXX
从api.php开始,我们如何知道我们是通过https安全访问的?
答案 0 :(得分:1)
您可以在api.php中添加此条件:
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') {
// no ssl
} else {
// ssl
}
编辑:正如@ Salman A 所说,$_SERVER['HTTPS']可能是'开'或'关'。所以我改变了代码。
答案 1 :(得分:1)
当PHP脚本处理HTTPS请求时,$ _SERVER autoglobal会填充许多与SSL相关的额外标头。你可以查看其中一些。
我会查看$_SERVER['HTTPS']=='on'
[HTTPS] => on
[SSL_SERVER_S_DN_C] => IT
[SSL_SERVER_S_DN_ST] => Some-State
[SSL_SERVER_S_DN_L] => Italy
[SSL_SERVER_S_DN_O] => test
[SSL_SERVER_S_DN_OU] => test
[SSL_SERVER_S_DN_CN] => test
[SSL_SERVER_S_DN_Email] => test@example.com
[SSL_SERVER_I_DN_C] => IT
[SSL_SERVER_I_DN_ST] => Some-State
[SSL_SERVER_I_DN_L] => Country
[SSL_SERVER_I_DN_O] => test
[SSL_SERVER_I_DN_OU] => test
[SSL_SERVER_I_DN_CN] => test
[SSL_SERVER_I_DN_Email] => test@example.com
[SSL_VERSION_INTERFACE] => mod_ssl/2.2.24
[SSL_VERSION_LIBRARY] => OpenSSL/1.0.1e
[SSL_PROTOCOL] => TLSv1
[SSL_SECURE_RENEG] => true
[SSL_COMPRESS_METHOD] => NULL
[SSL_CIPHER] => DHE-RSA-AES256-SHA
[SSL_CIPHER_EXPORT] => false
[SSL_CIPHER_USEKEYSIZE] => 256
[SSL_CIPHER_ALGKEYSIZE] => 256
[SSL_CLIENT_VERIFY] => NONE
[SSL_SERVER_M_VERSION] => 1
[SSL_SERVER_M_SERIAL] => C6D11EC56F9B9F1A
[SSL_SERVER_V_START] => Oct 31 09:51:34 2013 GMT
[SSL_SERVER_V_END] => Jul 27 09:51:34 2018 GMT
[SSL_SERVER_S_DN] => /C=IT/ST=Some-State/L=Italy/O=test/OU=test/CN=test/emailAddress=test@example.com
[SSL_SERVER_I_DN] => /C=IT/ST=Some-State/L=Italy/O=test/OU=test/CN=test/emailAddress=test@example.com
[SSL_SERVER_A_KEY] => rsaEncryption
[SSL_SERVER_A_SIG] => sha1WithRSAEncryption
[SSL_SESSION_ID] => 832D61116CB619ACF9B9FD3080B2BC8DB48343B3033023D683AC8A9D22C6A064