135

I'm using express.js and I need to know the domain which is originating the call. This is the simple code

app.get(
    '/verify_license_key.json',
    function( req, res ) {
        // do something

How do I get the domain from the req or the res object? I mean I need to know if the API was called by somesite.example or someothersite.example. I tried doing a console.dir of both req and res but I got no idea from there, also read the documentation but it gave me no help.

Improve this question
4
  • 1
    try: req.host or req.get('host') expresses docs Commented Aug 28, 2013 at 21:45
  • 3
    node.js: req.headers["x-forwarded-for"] || req.connection.remoteAddress x-forwarded-for would cover your bases behind a proxy, load balancer... Commented May 16, 2014 at 19:13
  • I get this warning: express deprecated req.host: Use req.hostname instead index.js:20:8 Commented Mar 8, 2015 at 3:15
  • "I need to know if the API was called by somesite.example". Note that the domain example.com is reserved specifically for use in examples: iana.org/domains/reserved Commented Jul 1, 2022 at 7:45

6 Answers 6

Reset to default
221

You have to retrieve it from the HOST header.

const host = req.get('host');

It is optional with HTTP 1.0, but required by 1.1. And, the app can always impose a requirement of its own.

If this is for supporting cross-origin requests, you would instead use the Origin header.

const origin = req.get('origin');

Note that some cross-origin requests require validation through a "preflight" request:

req.options('/route', function (req, res) {
    const origin = req.get('origin');
    // ...
});

If you're looking for the client's IP, you can retrieve that with:

const userIP = req.socket.remoteAddress;

Note that, if your server is behind a proxy, this will likely give you the proxy's IP. Whether you can get the user's IP depends on what info the proxy passes along. But, it'll typically be in the headers as well.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

But doesn't this give me the host of the api?It might be caused by the fact that i'm doing this locally and i have api.time.ly set to resolve to 127.0.0.1 and the call i'm making is from localhost ,but if i use that, host is "api.time.ly" i need to know the domain which is calling me. i will test this on a live site.
@NicolaPeluchetti I guess I don't understand what you mean by "the domain which is calling me." HTTP clients don't typically supply their own hostname in the request. Is this for CORS?
I've got a central api which is located at api.time.ly. This api is called by different client websites which install our wordpress plugin. So we could have church1.com and sauna1.com make calls to our api. In the API would i be able to get if the call was made from church1.com or from sauna1.com? i saw a header 'user-agent': 'WordPress/3.6; http://localhost/wordpress_clean' should i parse that?
If Domain is not passed, it's not a problem, i can add it to the API call obviously.
@NicolaPeluchetti You can try splitting and parsing the user-agent or requiring it as data in the request. But, I'd say something like OAuth would be better suited for identifying clients.
|
59

Instead of:

var host = req.get('host');
var origin = req.get('origin');

you can also use:

var host = req.headers.host;
var origin = req.headers.origin;
Improve this answer

3 Comments

getting undefined
gives me 127.0.0.1:3000
127.0.0.1:3000 is similar to localhost:3000 I believe. 127.0.0.1 refers to the local IP address
18

In Express 4.x you can use req.hostname, which returns the domain name, without port. i.e.:

// Host: "example.com:3000"
req.hostname
// => "example.com"

See: http://expressjs.com/en/4x/api.html#req.hostname

Improve this answer

3 Comments

This returns hostname of the server you are receiving request on. It will work only if you are running your API and website on the same server and originating and receiving party is the same host.
this returns the hostname of the server that is hosting the code, not the originating.....
"Contains the hostname derived from the Host HTTP header", and " The Host request header specifies the host and port number of the server to which the request is being sent"... So this is not the origin...
7

Year 2022, I use express v4.17.1 get following result

var host = req.get('host'); // works, localhost:3000

var host = req.headers.host; // works, localhost:3000

var host = req.hostname; // works, localhost

var origin = req.get('origin'); // not work, undefined

var origin = req.headers.origin; // not work, undefined

enter image description here

Improve this answer

1 Comment

var host = req.get('host'); // works, localhost:3003 // server host, no origin (3000)...
6

req.get('host') is now deprecated, using it will give Undefined.

Use,

    req.header('Origin');
    req.header('Host');
    // this method can be used to access other request headers like, 'Referer', 'User-Agent' etc.
Improve this answer

Comments

0

As mentioned above origin was deprecated therefore I used: const origin = req.headers.referer

you should remove the ending slash to make it same as the origin

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.