Detect if a request is coming from a server or a browser Carl Chambers
All
Oct 31, 2022 @ 02:46pm
Hey Rick,
My app for this question serves API requests.
Is there a reliable way to determine if an API request is coming from a server vs an AJAX request directly from a browser?
I have a case where I may want to provide the requested data only for AJAX requests (with the necessary CORS header) but not for requests from a server.
Can this be done?
Thanks,
Carl
re: Detect if a request is coming from a server or a browser Rick Strahl
Carl Chambers
Oct 31, 2022 @ 03:12pm
No.
Any HTTP client can spoof any HTTP headers - that's kind of the point of HTTP 😄 IOW I can pick up the user agent string from Edge or Chrome and then use that with a call from wwHttp.
+++ Rick ---
re: Detect if a request is coming from a server or a browser Carl Chambers
Rick Strahl
Oct 31, 2022 @ 04:02pm
That's what I figured but I thought I'd check.
Thanks, Rick.
Carl
re: Detect if a request is coming from a server or a browser Michael Hogan (Ideate Hosting)
Carl Chambers
Nov 30, 2022 @ 03:22pm
Carl;
If your API requests are coming from a limited set of IP addresses (which I think you ARE doing), then you will be able to tell from the request's IP address. You can maintain a table of IP addresses from API sources to easily add and remove them.
Also, you can use a part of the url from the API request to differentiate it from the browser... but I don't think that's what you are looking for in your situation.
re: Detect if a request is coming from a server or a browser Carl Chambers
Michael Hogan (Ideate Hosting)
Dec 2, 2022 @ 12:33pm
Thanks Michael,
I had thought about tracking the IP Address but even that can be spoofed and I think the client I was dealing with is capable of doing that. I ended up abandoning the feature I was considering.
Carl
