<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Essentially, the REST service endpoint would be on <a href="http://widgets.net">widgets.net</a> while the clients website, in this case <a href="http://things.com">things.com</a>, has a JavaScript that makes an AJAX call to <a href="http://widgets.net">widgets.net</a>. The account on <a href="http://widgets.net">widgets.net</a> for <a href="http://things.com">things.com</a> will have the <a href="http://things.com">things.com</a> domain registered to its account, so that <a href="http://widgets.net">widgets.net</a> can check to see if the request is coming from an expected domain.<div><br></div><div>Thanks,</div><div>Lee</div><div><br></div><div><br><div><div>On 9 Oct 2013, at 16:51, Nathan Michaels <<a href="mailto:nathan@nmichaels.org">nathan@nmichaels.org</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Is the client making the request to your service on <a href="http://widgets.net/">widgets.net</a> because <a href="http://things.com/">things.com</a> sent them there, or is <a href="http://things.com/">things.com</a> making the request directly on behalf of the client? The first is what Loïc is talking about. The second is the source IP of the request, which you can definitely get.</div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 9, 2013 at 11:32 AM, Loïc Hoguin <span dir="ltr"><<a href="mailto:essen@ninenines.eu" target="_blank">essen@ninenines.eu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
In short: you can't.<br>
<br>
Browsers may send origin/referer/.. headers depending on the type of request, but you can't rely on them to be real or even just there.<div class="HOEnZb"><div class="h5"><br>
<br>
On 10/09/2013 05:30 PM, Lee Sylvester wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Thank you. I couldn't work out if that's the host being called from or the host name in the request. For example, a store called <a href="http://things.com/" target="_blank">things.com</a> makes a request to my service on <a href="http://widgets.net/" target="_blank">widgets.net</a>. I need to see that the request is made FROM <a href="http://things.com/" target="_blank">things.com</a> for validation purposes. Is it correct that host will provide this?<br>
<br>
Thanks,<br>
Lee<br>
<br>
Sent from my iPhone<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On Oct 9, 2013, at 2:31 PM, Loïc Hoguin <<a href="mailto:essen@ninenines.eu" target="_blank">essen@ninenines.eu</a>> wrote:<br>
<br>
cowboy_req:host/1?<br>
<br>
Please use the nice manual we have now.<br>
<br>
<a href="http://ninenines.eu/docs/en/cowboy/HEAD/manual/cowboy_req" target="_blank">http://ninenines.eu/docs/en/<u></u>cowboy/HEAD/manual/cowboy_req</a><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 10/09/2013 03:27 PM, Lee Sylvester wrote:<br>
Hi,<br>
<br>
When receiving a Cowboy request, is there a way to find out which hostname the user made the request from? I'm using CORS in my REST and Bullet app, where each call can be made through a given account. However, I'd like to be able to lock requests for each account to a designated hostname to protect that users account usage.<br>
<br>
Thanks,<br>
Lee<br>
<br>
______________________________<u></u>_________________<br>
Extend mailing list<br>
<a href="mailto:Extend@lists.ninenines.eu" target="_blank">Extend@lists.ninenines.eu</a><br>
<a href="http://lists.ninenines.eu:81/listinfo/extend" target="_blank">http://lists.ninenines.eu:81/<u></u>listinfo/extend</a><br>
</blockquote>
<br>
<br>
--<br>
Loïc Hoguin<br>
Erlang Cowboy<br>
Nine Nines<br>
<a href="http://ninenines.eu/" target="_blank">http://ninenines.eu</a><br>
</blockquote></blockquote>
<br>
<br>
-- <br>
Loïc Hoguin<br>
Erlang Cowboy<br>
Nine Nines<br>
<a href="http://ninenines.eu/" target="_blank">http://ninenines.eu</a><br>
______________________________<u></u>_________________<br>
Extend mailing list<br>
<a href="mailto:Extend@lists.ninenines.eu" target="_blank">Extend@lists.ninenines.eu</a><br>
<a href="http://lists.ninenines.eu:81/listinfo/extend" target="_blank">http://lists.ninenines.eu:81/<u></u>listinfo/extend</a><br>
</div></div></blockquote></div><br></div>
_______________________________________________<br>Extend mailing list<br><a href="mailto:Extend@lists.ninenines.eu">Extend@lists.ninenines.eu</a><br>http://lists.ninenines.eu:81/listinfo/extend<br></blockquote></div><br></div></body></html>