I have a couple of questions on the best practices for access management:
What is the best way to restrict creation/update of a collection document to only the local API?
What is the best way to restrict read access to the payload api to only restricted domains?
For example, I am using the payload.config whitelisting of domains via cors, but then if I just hit "http://backend/api/collection" in the browser I am still getting all the data. The idea is to restrict this to only work when a request is coming from a specific client domain and that's it.
Hello,
Would appreciate any help and feedback!
Thank you!
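Added example, not part of the original post and not Payload's own code: CORS is enforced by browsers on cross-origin script requests and does not stop a direct request to the endpoint, so the restriction has to live in the collection's access functions. The sketch assumes Payload's `({ req }) => boolean` access function shape and its default of skipping access checks for Local API calls; the `articles` collection, the `isAllowed` helper and the sample requests are hypothetical.

```javascript
// Access functions in the shape Payload collections accept: ({ req }) => boolean.
// Collection slug, helper names and sample requests below are hypothetical.

// Deny every REST/GraphQL write. Local API calls skip access functions
// unless overrideAccess: false is passed, so server-side code can still write.
const localApiOnly = () => false;

// Allow reads only for an authenticated caller (session or API key).
// req.user is populated after authentication; the Origin header is not
// consulted because any non-browser client can set it to any value.
const authenticatedOnly = ({ req }) => Boolean(req && req.user);

const Articles = {
  slug: 'articles', // hypothetical collection
  access: {
    create: localApiOnly,
    update: localApiOnly,
    delete: localApiOnly,
    read: authenticatedOnly,
  },
  fields: [{ name: 'title', type: 'text' }],
};

// Simplified model of the decision (not Payload's implementation):
// REST requests always run the access function, Local API calls run it
// only when overrideAccess is false.
function isAllowed(collection, operation, { req = {}, overrideAccess = false } = {}) {
  if (overrideAccess) return true;
  return Boolean(collection.access[operation]({ req }));
}

// Constructed requests for illustration.
const browserHit = { headers: { origin: 'https://client.example' }, user: null };
const apiKeyClient = { headers: {}, user: { id: 'svc-frontend', collection: 'users' } };

function demo() {
  return {
    anonymousRead: isAllowed(Articles, 'read', { req: browserHit }),
    keyedRead: isAllowed(Articles, 'read', { req: apiKeyClient }),
    restCreate: isAllowed(Articles, 'create', { req: apiKeyClient }),
    localCreate: isAllowed(Articles, 'create', { overrideAccess: true }),
  };
}
```

The allowed Origin header on `browserHit` changes nothing: only the authenticated request is permitted to read, and writes succeed only on the path that models a Local API call.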