如果我的网站没有登录页面,如何设置 api 授权
[英]How to setup api authorization if I don't have a login page in my website
问题描述
I want to set up authorization in my react app.
我想在我的反应应用程序中设置授权。 This is for security reasons, so my API will only be accessed by the people who use our website.这是出于安全原因,所以我的 API 只能由使用我们网站的人访问。 But my web app doesn't have a user login and doesn't require any.但是我的 web 应用程序没有用户登录,也不需要任何登录。 my backend uses rest api.我的后端使用 rest api。
- How would I proceed with authorization with a token?我将如何使用令牌进行授权?
- How can I set up an initial token even before the page loads?如何在页面加载之前设置初始令牌?
1 个解决方案
解决方案1
0 2021-12-13 03:43:27
Something like a token will not work since it sounds like your app is public and therefore anyone could grab the token (being a browser based thing) and use that on their own.令牌之类的东西不起作用,因为听起来您的应用程序是公开的,因此任何人都可以获取令牌(作为基于浏览器的东西)并自己使用它。 Instead I'd explore CORS to control the origin - for example only allowing your website to be authorized to perform the api call.. Here's an article on using CORS with the AWS API Gateway. Instead I'd explore CORS to control the origin - for example only allowing your website to be authorized to perform the api call.. Here's an article on using CORS with the AWS API Gateway.
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.