Nodejs 限制 API 访问托管的 web 应用程序
[英]Nodejs limit the API access to hosted web app
问题描述
I have a hosted admin panel under the domain admin.foo.com and the API hosted under the domain api.foo.com
我在域 admin.foo.com 下有一个托管的管理面板,在域admin.foo.com下托管的api.foo.com
I have an open endpoint GET - api.foo.com/all-products .我有一个开放端点GET - api.foo.com/all-products 。 There is no authentication header required to access this resource.访问此资源不需要身份验证 header。 But this should be accessed only via the hosted web app.但这只能通过托管的 web 应用程序访问。
The user should not be able to copy this url and paste on the web browser and see the json response and also user should not be able the data from this endpoint via another API or something. The user should not be able to copy this url and paste on the web browser and see the json response and also user should not be able the data from this endpoint via another API or something.
This question is already asked in StackOverflow but the given answer is this is not possible due to powerful tools like postmon. StackOverflow 中已经提出了这个问题,但给出的答案是由于 postmon 等强大的工具,这是不可能的。 But this should be able to achieve to at least for some extent using Node.js and express.js features.但这至少在一定程度上应该能够使用 Node.js 和 express.js 功能实现。
Say check where the request is coming from and then block the resource something like that.说检查请求的来源,然后阻止类似的资源。 How do I achieve this using Node.js, Express.js?如何使用 Node.js、Express.js 实现此目的?
1 个解决方案
解决方案1
0 2021-12-18 06:54:00
What you are looking for is cors您正在寻找的是 cors
const cors = require('cors');
app.use(cors({
origin: 'https://admin.foo.com'
}));
More info: https://www.section.io/engineering-education/how-to-use-cors-in-nodejs-with-express/更多信息: https://www.section.io/engineering-education/how-to-use-cors-in-nodejs-with-express/
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.