[英]How to setup api authorization if I don't have a login page in my website
I want to set up authorization in my react app.我想在我的反应应用程序中设置授权。 This is for security reasons, so my API will only be accessed by the people who use our website.这是出于安全原因,所以我的 API 只能由使用我们网站的人访问。 But my web app doesn't have a user login and doesn't require any.但是我的 web 应用程序没有用户登录,也不需要任何登录。 my backend uses rest api.我的后端使用 rest api。
Something like a token will not work since it sounds like your app is public and therefore anyone could grab the token (being a browser based thing) and use that on their own.令牌之类的东西不起作用,因为听起来您的应用程序是公开的,因此任何人都可以获取令牌(作为基于浏览器的东西)并自己使用它。 Instead I'd explore CORS to control the origin - for example only allowing your website to be authorized to perform the api call.. Here's an article on using CORS with the AWS API Gateway. Instead I'd explore CORS to control the origin - for example only allowing your website to be authorized to perform the api call.. Here's an article on using CORS with the AWS API Gateway.
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.