如何限制我的应用程序访问我的 Next.js API
[英]How to restrict access to my Next.js APIs for my application
问题描述
I am building a Next.js application in which I want to restrict access to my APIs.
我正在构建一个 Next.js 应用程序,我想在其中限制对我的 API 的访问。 I only want my application to make those requests.我只希望我的应用程序提出这些请求。
I once built an app with MERN stack , and I remember I used cors to only allow my domain to make requests to my APIs.我曾经使用 MERN MERN stack构建了一个应用程序,我记得我使用cors只允许我的域向我的 API 发出请求。 But apparantly cors does not work with nextJS, and I tried many npm modules such as nextjs-cors but they didn't work.但显然 cors 不适用于 nextJS,我尝试了许多 npm 模块,例如nextjs-cors ,但它们没有用。
I am thinking about using firebase App Check in order to check if this is my app that is making the requests, but I am still hesitant.我正在考虑使用 firebase App Check来检查发出请求的是否是我的应用程序,但我仍然犹豫不决。
What do you think is the optimal and professional solution for this?您认为optimal和professional的解决方案是什么?
PS: Is there a similar behavior to cors in but in NextJS because I also remember cors did not allow postman to make requests as well to my APIs. PS:在 NextJS 中是否存在与 cors 类似的行为,因为我还记得 cors 也不允许 postman 向我的 API 发出请求。
1 个解决方案
解决方案1
0 已采纳 2022-10-01 13:25:39
That is what API keys are for.这就是 API 键的用途。 Since you have control over both client and server, in client requests you can add a random key to headers when you make request.由于您可以同时控制客户端和服务器,因此在客户端请求中,您可以在发出请求时向标头添加一个随机密钥。 Then on the server, you can extract the headers console.log(req.headers) , if the headers include the specific key and matching value, you process the request if not you reject the request.然后在服务器上,您可以提取标头console.log(req.headers) ,如果标头包含特定键和匹配值,则处理请求,否则拒绝请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.