Add optional whitelisting of referrer IPs #59

@apdavison

The current API allows anyone to use it.

This is fine for demonstration purposes, but to provide a higher level of availability for a given service, it should be possible to only allow API access via a specific hosting of the JavaScript component.

As far as I can see, the only way to do this without requiring accounts/API keys is with the HTTP referer header. This can be spoofed, I guess, but it avoids people accidentally accessing something we don't want them to access (i.e. having a closed door is a deterrent to people entering, even if it's not locked).
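
A sketch of the Referer check the issue proposes, added here as an example and not code from this project; the host names, `ALLOWED_HOSTS` and `referer_allowed` are assumptions. It compares the parsed host exactly, so look-alike URLs do not pass, and because the header is supplied by the client it works as a deterrent, not as authentication.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist: hosts permitted to serve the JavaScript component.
ALLOWED_HOSTS = frozenset({"app.example.org", "staging.example.org"})


def referer_allowed(headers, allowed_hosts=ALLOWED_HOSTS, allow_missing=False):
    """Return True if the request's Referer names an allowlisted host.

    headers: mapping of request header names to values (any letter case).
    allow_missing: what to answer when no Referer is sent at all, e.g. when
    a Referrer-Policy or a privacy tool strips it. Denying is the stricter
    choice; allowing keeps such clients working.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    referer = lowered.get("referer", "").strip()
    if not referer:
        return allow_missing
    try:
        parts = urlsplit(referer)
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return False  # malformed URL, e.g. an unterminated IPv6 literal
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Exact host comparison: substring or prefix matching would accept
    # "app.example.org.lookalike.test" or a URL carrying the allowed
    # host in its query string or userinfo part.
    return host.rstrip(".") in allowed_hosts


# Constructed sample Referer values and the decision expected for each.
SAMPLES = [
    ("https://app.example.org/viewer?id=3", True),
    ("HTTPS://APP.EXAMPLE.ORG:8443/x", True),
    ("https://app.example.org.lookalike.test/", False),
    ("https://lookalike.test/?u=https://app.example.org/", False),
    ("https://app.example.org@lookalike.test/", False),
    ("http://[::1", False),
]


def check_samples():
    """Return the decision for every constructed sample."""
    return [referer_allowed({"Referer": url}) for url, _ in SAMPLES]


if __name__ == "__main__":
    for (url, expected), got in zip(SAMPLES, check_samples()):
        print(f"{'allow' if got else 'deny':5}  {url}")
```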

Labels: enhancement

Status: Backlog