1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [99s-extend] Cowboy Calling Hostname
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:extend%40lists.ninenines.eu?Subject=Re%3A%20%5B99s-extend%5D%20Cowboy%20Calling%20Hostname&In-Reply-To=%3CA93F7716-AA8E-453D-B773-AB7A7409D154%40gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000264.html">
<LINK REL="Next" HREF="000266.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[99s-extend] Cowboy Calling Hostname</H1>
<B>Lee Sylvester</B>
<A HREF="mailto:extend%40lists.ninenines.eu?Subject=Re%3A%20%5B99s-extend%5D%20Cowboy%20Calling%20Hostname&In-Reply-To=%3CA93F7716-AA8E-453D-B773-AB7A7409D154%40gmail.com%3E"
TITLE="[99s-extend] Cowboy Calling Hostname">lee.sylvester at gmail.com
</A><BR>
<I>Wed Oct 9 19:28:40 CEST 2013</I>
<P><UL>
<LI>Previous message: <A HREF="000264.html">[99s-extend] Cowboy Calling Hostname
</A></li>
<LI>Next message: <A HREF="000266.html">[99s-extend] Cowboy Calling Hostname
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#265">[ date ]</a>
<a href="thread.html#265">[ thread ]</a>
<a href="subject.html#265">[ subject ]</a>
<a href="author.html#265">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Essentially, the REST service endpoint would be on widgets.net while the clients website, in this case things.com, has a JavaScript that makes an AJAX call to widgets.net. The account on widgets.net for things.com will have the things.com domain registered to its account, so that widgets.net can check to see if the request is coming from an expected domain.
Thanks,
Lee
On 9 Oct 2013, at 16:51, Nathan Michaels <<A HREF="https://lists.ninenines.eu/listinfo/extend">nathan at nmichaels.org</A>> wrote:
><i> Is the client making the request to your service on widgets.net because things.com sent them there, or is things.com making the request directly on behalf of the client? The first is what Loïc is talking about. The second is the source IP of the request, which you can definitely get.
</I>><i>
</I>><i>
</I>><i> On Wed, Oct 9, 2013 at 11:32 AM, Loïc Hoguin <<A HREF="https://lists.ninenines.eu/listinfo/extend">essen at ninenines.eu</A>> wrote:
</I>><i> In short: you can't.
</I>><i>
</I>><i> Browsers may send origin/referer/.. headers depending on the type of request, but you can't rely on them to be real or even just there.
</I>><i>
</I>><i>
</I>><i> On 10/09/2013 05:30 PM, Lee Sylvester wrote:
</I>><i> Thank you. I couldn't work out if that's the host being called from or the host name in the request. For example, a store called things.com makes a request to my service on widgets.net. I need to see that the request is made FROM things.com for validation purposes. Is it correct that host will provide this?
</I>><i>
</I>><i> Thanks,
</I>><i> Lee
</I>><i>
</I>><i> Sent from my iPhone
</I>><i>
</I>><i> On Oct 9, 2013, at 2:31 PM, Loïc Hoguin <<A HREF="https://lists.ninenines.eu/listinfo/extend">essen at ninenines.eu</A>> wrote:
</I>><i>
</I>><i> cowboy_req:host/1?
</I>><i>
</I>><i> Please use the nice manual we have now.
</I>><i>
</I>><i> <A HREF="http://ninenines.eu/docs/en/cowboy/HEAD/manual/cowboy_req">http://ninenines.eu/docs/en/cowboy/HEAD/manual/cowboy_req</A>
</I>><i>
</I>><i> On 10/09/2013 03:27 PM, Lee Sylvester wrote:
</I>><i> Hi,
</I>><i>
</I>><i> When receiving a Cowboy request, is there a way to find out which hostname the user made the request from? I'm using CORS in my REST and Bullet app, where each call can be made through a given account. However, I'd like to be able to lock requests for each account to a designated hostname to protect that users account usage.
</I>><i>
</I>><i> Thanks,
</I>><i> Lee
</I>><i>
</I>><i> _______________________________________________
</I>><i> Extend mailing list
</I>><i> <A HREF="https://lists.ninenines.eu/listinfo/extend">Extend at lists.ninenines.eu</A>
</I>><i> <A HREF="http://lists.ninenines.eu:81/listinfo/extend">http://lists.ninenines.eu:81/listinfo/extend</A>
</I>><i>
</I>><i>
</I>><i> --
</I>><i> Loïc Hoguin
</I>><i> Erlang Cowboy
</I>><i> Nine Nines
</I>><i> <A HREF="http://ninenines.eu">http://ninenines.eu</A>
</I>><i>
</I>><i>
</I>><i> --
</I>><i> Loïc Hoguin
</I>><i> Erlang Cowboy
</I>><i> Nine Nines
</I>><i> <A HREF="http://ninenines.eu">http://ninenines.eu</A>
</I>><i> _______________________________________________
</I>><i> Extend mailing list
</I>><i> <A HREF="https://lists.ninenines.eu/listinfo/extend">Extend at lists.ninenines.eu</A>
</I>><i> <A HREF="http://lists.ninenines.eu:81/listinfo/extend">http://lists.ninenines.eu:81/listinfo/extend</A>
</I>><i>
</I>><i> _______________________________________________
</I>><i> Extend mailing list
</I>><i> <A HREF="https://lists.ninenines.eu/listinfo/extend">Extend at lists.ninenines.eu</A>
</I>><i> <A HREF="http://lists.ninenines.eu:81/listinfo/extend">http://lists.ninenines.eu:81/listinfo/extend</A>
</I>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <<A HREF="http://lists.ninenines.eu/archives/extend/attachments/20131009/7c03cefc/attachment.html">http://lists.ninenines.eu/archives/extend/attachments/20131009/7c03cefc/attachment.html</A>>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000264.html">[99s-extend] Cowboy Calling Hostname
</A></li>
<LI>Next message: <A HREF="000266.html">[99s-extend] Cowboy Calling Hostname
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#265">[ date ]</a>
<a href="thread.html#265">[ thread ]</a>
<a href="subject.html#265">[ subject ]</a>
<a href="author.html#265">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://lists.ninenines.eu/listinfo/extend">More information about the Extend
mailing list</a><br>
</body></html>
|
