Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add optional whitelisting of referrer IPs #59

Open
apdavison opened this issue Aug 28, 2023 · 0 comments
Open

Add optional whitelisting of referrer IPs #59

apdavison opened this issue Aug 28, 2023 · 0 comments
Labels
enhancement New feature or request

Comments

@apdavison
Copy link
Member

The current API allows anyone to use it.

This is fine for demonstration purposes, but to provide a higher level of availability for a given service, it should be possible to only allow API access via a specific hosting of the Javascript component.

As far as I can see, the only way to do this without requiring accounts/API keys is with the HTTP referer header. This can be spoofed, I guess, but it avoids people accidentally accessing something we don't want them to access (i.e. having a closed door is a deterrent to people entering, even if it's not locked).
@apdavison apdavison added the enhancement New feature or request label Aug 28, 2023
@github-project-automation github-project-automation bot moved this to Backlog in Planning Aug 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Planning
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
1 participant
@apdavison