Validate a user's geolocation when the user posts data to a webpage
I’d like to have a form on a website that can only be submitted if the user has permitted the page to get the user's location via HTML5's Geolocation. When the form is submitted I'd like those coordinates to be passed along with the rest of the information.
However, I want to prevent people from being able to just write their own code to post fake data with latitude and longitude information. I'd like to have some sort of authentication that the coordinates being sent correspond to the user's geolocation.
Is this possible? What methods are there for validating/signing the coordinates sent from the client (webpage) to the server? How would you go about this?
In case someone needs more specifics, the website itself will be a Ruby app and the form's submit button is really just making a REST call via POST to a URL.
Beware:
the browser may not handle HTML5 geolocation
the user of the website can refuse the geolocation
If the user accepts geolocation, you should send the data directly via Ajax; otherwise the JavaScript variables could be changed client-side.
```javascript
if (navigator.geolocation) {
  // try to retrieve the user's position
  navigator.geolocation.getCurrentPosition(
    function (position) {
      // put the ajax request here and send (position.coords.latitude, position.coords.longitude)
    },
    function () {
      // failure: the user refused
    }
  );
} else {
  // failure: the browser doesn't handle geolocation
}
```
There's no way of validating 100% that the data sent to your server has not been altered. The user may easily use the browser's console or a simple curl request to send whatever he wants.
You have to think of it like this: you are basically asking the user "where are you?" and the user is using his browser to help him find his location, but in the end the user is able to send any data to your server.
The only thing I can think of would be to verify that the IP address location is somewhere close to the latitude/longitude sent, using some website like this one: http://www.ip2location.com/1.2.3.4
But anyway, that would not be 100% safe because if a user wants to mess with your server then he could just use a proxy to set a different IP address.
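The IP-versus-coordinates comparison suggested in the answer above, sketched server-side in Ruby as an added example (not code from the original posts). The `ip_location` hash shape, the 500 km tolerance and all method names are assumptions; the IP lookup itself is expected to come from whatever geolocation database you use.

```ruby
# Added example: plausibility check for client-reported coordinates.
# Assumption: ip_location comes from your own IP-geolocation lookup and
# has the shape { lat:, lon:, accuracy_km: } (hypothetical structure).
EARTH_RADIUS_KM = 6371.0
MAX_OFFSET_KM   = 500.0 # hypothetical tolerance; tune for your data

# Parse a submitted value strictly; returns nil for anything that is not
# a finite number inside [-limit, limit].
def parse_coord(value, limit)
  f = Float(value.to_s.strip)
  f.finite? && f.abs <= limit ? f : nil
rescue ArgumentError, TypeError
  nil
end

# Great-circle distance between two points (haversine formula).
def haversine_km(lat1, lon1, lat2, lon2)
  rad = Math::PI / 180
  dlat = (lat2 - lat1) * rad
  dlon = (lon2 - lon1) * rad
  a = Math.sin(dlat / 2)**2 +
      Math.cos(lat1 * rad) * Math.cos(lat2 * rad) * Math.sin(dlon / 2)**2
  2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt([a, 1.0].min))
end

# Returns :invalid, :unknown, :plausible or :suspicious.
# A :plausible result is only a consistency signal, not proof of location.
def check_claimed_location(params, ip_location)
  lat = parse_coord(params["latitude"], 90)
  lon = parse_coord(params["longitude"], 180)
  return :invalid if lat.nil? || lon.nil?
  return :unknown if ip_location.nil? # no IP data: cannot compare

  distance = haversine_km(lat, lon, ip_location[:lat], ip_location[:lon])
  allowed  = MAX_OFFSET_KM + ip_location.fetch(:accuracy_km, 0)
  distance <= allowed ? :plausible : :suspicious
end

# Constructed sample data: an IP that resolves to roughly central Paris.
SAMPLE_IP_LOCATION = { lat: 48.8566, lon: 2.3522, accuracy_km: 50 }.freeze
```

Treat `:suspicious` as a reason to flag the submission for review rather than as proof of forgery, since proxies and coarse IP databases can put the IP far from the device.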