我如何知道api通過https調用securly

Question

所以我們創建了一個api，我們要確保它是通過https安全連接調用的，我們如何從api中知道它正在安全地提供服務。例如，如果從另一個域來要求我們的API是這樣的：

https://ourdomain.com/api.php?appId=dev4&apiKey=XXXX 

從api.php，我們怎麼知道我們正在通過HTTPS訪問securly？

Answer 1

當一個PHP腳本處理HTTPS請求時，$ _SERVER autoglobal中充滿了許多與SSL相關的額外頭文件。你可以檢查其中的一些。

我會檢查$_SERVER['HTTPS']=='on'

[HTTPS] => on 
[SSL_SERVER_S_DN_C] => IT 
[SSL_SERVER_S_DN_ST] => Some-State 
[SSL_SERVER_S_DN_L] => Italy 
[SSL_SERVER_S_DN_O] => test 
[SSL_SERVER_S_DN_OU] => test 
[SSL_SERVER_S_DN_CN] => test 
[SSL_SERVER_S_DN_Email] => test@example.com 
[SSL_SERVER_I_DN_C] => IT 
[SSL_SERVER_I_DN_ST] => Some-State 
[SSL_SERVER_I_DN_L] => Country 
[SSL_SERVER_I_DN_O] => test 
[SSL_SERVER_I_DN_OU] => test 
[SSL_SERVER_I_DN_CN] => test 
[SSL_SERVER_I_DN_Email] => test@example.com 
[SSL_VERSION_INTERFACE] => mod_ssl/2.2.24 
[SSL_VERSION_LIBRARY] => OpenSSL/1.0.1e 
[SSL_PROTOCOL] => TLSv1 
[SSL_SECURE_RENEG] => true 
[SSL_COMPRESS_METHOD] => NULL 
[SSL_CIPHER] => DHE-RSA-AES256-SHA 
[SSL_CIPHER_EXPORT] => false 
[SSL_CIPHER_USEKEYSIZE] => 256 
[SSL_CIPHER_ALGKEYSIZE] => 256 
[SSL_CLIENT_VERIFY] => NONE 
[SSL_SERVER_M_VERSION] => 1 
[SSL_SERVER_M_SERIAL] => C6D11EC56F9B9F1A 
[SSL_SERVER_V_START] => Oct 31 09:51:34 2013 GMT 
[SSL_SERVER_V_END] => Jul 27 09:51:34 2018 GMT 
[SSL_SERVER_S_DN] => /C=IT/ST=Some-State/L=Italy/O=test/OU=test/CN=test/emailAddress=test@example.com 
[SSL_SERVER_I_DN] => /C=IT/ST=Some-State/L=Italy/O=test/OU=test/CN=test/emailAddress=test@example.com 
[SSL_SERVER_A_KEY] => rsaEncryption 
[SSL_SERVER_A_SIG] => sha1WithRSAEncryption 
[SSL_SESSION_ID] => 832D61116CB619ACF9B9FD3080B2BC8DB48343B3033023D683AC8A9D22C6A064 

Answer 2

您可以在api.php添加此條件：

if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') { 
    // no ssl 
} else { 
    // ssl 
} 

編輯：爲@薩爾曼一個表示，$_SERVER['HTTPS']可能是 '開' 或 '關'。所以我改變了代碼。