Diffstat (limited to 'archives/extend/attachments/20131009/7c03cefc/attachment.html')
-rw-r--r-- | archives/extend/attachments/20131009/7c03cefc/attachment.html | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/archives/extend/attachments/20131009/7c03cefc/attachment.html b/archives/extend/attachments/20131009/7c03cefc/attachment.html new file mode 100644 index 00000000..6870f939 --- /dev/null +++ b/archives/extend/attachments/20131009/7c03cefc/attachment.html 
@@ -0,0 +1,67 @@ +<tt> +<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Essentially, the REST service endpoint would be on <a href="http://widgets.net">widgets.net</a> while the clients website, in this case <a href="http://things.com">things.com</a>, has a JavaScript that makes an AJAX call to <a href="http://widgets.net">widgets.net</a>. The account on <a href="http://widgets.net">widgets.net</a> for <a href="http://things.com">things.com</a> will have the <a href="http://things.com">things.com</a> domain registered to its account, so that <a href="http://widgets.net">widgets.net</a> can check to see if the request is coming from an expected domain.<div><br></div><div>Thanks,</div><div>Lee</div><div><br></div><div><br><div><div>On 9 Oct 2013, at 16:51, Nathan Michaels <<a href="mailto:[email protected]">[email protected]</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Is the client making the request to your service on <a href="http://widgets.net/">widgets.net</a> because <a href="http://things.com/">things.com</a> sent them there, or is <a href="http://things.com/">things.com</a> making the request directly on behalf of the client? The first is what Lo�c is talking about. The second is the source IP of the request, which you can definitely get.</div><br> +<br> +<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 9, 2013 at 11:32 AM, Lo�c Hoguin <span dir="ltr"><<a href="mailto:[email protected]" target="_blank">[email protected]</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br> +<br> +In short: you can't.<br><br> +<br><br> +Browsers may send origin/referer/.. 
headers depending on the type of request, but you can't rely on them to be real or even just there.<div class="HOEnZb"><div class="h5"><br><br> +<br><br> +On 10/09/2013 05:30 PM, Lee Sylvester wrote:<br><br> +<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br> +Thank you. I couldn't work out if that's the host being called from or the host name in the request. For example, a store called <a href="http://things.com/" target="_blank">things.com</a> makes a request to my service on <a href="http://widgets.net/" target="_blank">widgets.net</a>. I need to see that the request is made FROM <a href="http://things.com/" target="_blank">things.com</a> for validation purposes. Is it correct that host will provide this?<br><br> +<br> +<br> +<br><br> +Thanks,<br><br> +Lee<br><br> +<br><br> +Sent from my iPhone<br><br> +<br><br> +<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br> +On Oct 9, 2013, at 2:31 PM, Lo�c Hoguin <<a href="mailto:[email protected]" target="_blank">[email protected]</a>> wrote:<br><br> +<br><br> +cowboy_req:host/1?<br><br> +<br><br> +Please use the nice manual we have now.<br><br> +<br><br> + <a href="http://ninenines.eu/docs/en/cowboy/HEAD/manual/cowboy_req" target="_blank">http://ninenines.eu/docs/en/<u></u>cowboy/HEAD/manual/cowboy_req</a><br><br> +<br><br> +<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br> +On 10/09/2013 03:27 PM, Lee Sylvester wrote:<br><br> +Hi,<br><br> +<br><br> +When receiving a Cowboy request, is there a way to find out which hostname the user made the request from? I'm using CORS in my REST and Bullet app, where each call can be made through a given account. 
However, I'd like to be able to lock requests for each account to a designated hostname to protect that users account usage.<br><br> +<br> +<br> +<br><br> +Thanks,<br><br> +Lee<br><br> +<br><br> +______________________________<u></u>_________________<br><br> +Extend mailing list<br><br> +<a href="mailto:[email protected]" target="_blank">[email protected]</a><br><br> +<a href="http://lists.ninenines.eu:81/listinfo/extend" target="_blank">http://lists.ninenines.eu:81/<u></u>listinfo/extend</a><br><br> +</blockquote><br> +<br><br> +<br><br> +--<br><br> +Lo�c Hoguin<br><br> +Erlang Cowboy<br><br> +Nine Nines<br><br> +<a href="http://ninenines.eu/" target="_blank">http://ninenines.eu</a><br><br> +</blockquote></blockquote><br> +<br><br> +<br><br> +-- <br><br> +Lo�c Hoguin<br><br> +Erlang Cowboy<br><br> +Nine Nines<br><br> +<a href="http://ninenines.eu/" target="_blank">http://ninenines.eu</a><br><br> +______________________________<u></u>_________________<br><br> +Extend mailing list<br><br> +<a href="mailto:[email protected]" target="_blank">[email protected]</a><br><br> +<a href="http://lists.ninenines.eu:81/listinfo/extend" target="_blank">http://lists.ninenines.eu:81/<u></u>listinfo/extend</a><br><br> +</div></div></blockquote></div><br></div><br> +_______________________________________________<br>Extend mailing list<br><a href="mailto:[email protected]">[email protected]</a><br>http://lists.ninenines.eu:81/listinfo/extend<br></blockquote></div><br></div></body></html> +</tt> |
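Review bot: the `<meta http-equiv="Content-Type">` at the top of the added file declares `content="text/html charset=iso-8859-1"` with no `;` between the media type and the charset parameter, so the charset declaration is malformed and a browser may ignore it and guess the encoding. The added lines already show the sender's name as "Lo�c" in the quoted headers and signatures, which suggests the non-ASCII byte was lost or misdecoded before the file was committed. Suggest having the archive generator emit `text/html; charset=...` with the encoding the file is actually stored in, and regenerating this attachment from the original message. The file also wraps the whole `<html>` document in an outer `<tt>` element, which is not valid nesting. Because the body is mail-client HTML committed as received (inline `style` attributes, `Apple-interchange-newline` and `gmail_quote` markup, external links), it is worth confirming that the archive sanitizes such attachments before they are published.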