<tt>
<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Essentially, the REST service endpoint would be on <a href="http://widgets.net">widgets.net</a> while the client's website, in this case <a href="http://things.com">things.com</a>, has a JavaScript that makes an AJAX call to <a href="http://widgets.net">widgets.net</a>. The account on <a href="http://widgets.net">widgets.net</a> for <a href="http://things.com">things.com</a> will have the <a href="http://things.com">things.com</a> domain registered to its account, so that <a href="http://widgets.net">widgets.net</a> can check to see if the request is coming from an expected domain.<div><br></div><div>Thanks,</div><div>Lee</div><div><br></div><div><br><div><div>On 9 Oct 2013, at 16:51, Nathan Michaels &lt;<a href="mailto:[email protected]">[email protected]</a>&gt; wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">Is the client making the request to your service on <a href="http://widgets.net/">widgets.net</a> because <a href="http://things.com/">things.com</a> sent them there, or is <a href="http://things.com/">things.com</a> making the request directly on behalf of the client? The first is what Loïc is talking about. The second is the source IP of the request, which you can definitely get.</div><br>
<br>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Oct 9, 2013 at 11:32 AM, Loïc Hoguin <span dir="ltr">&lt;<a href="mailto:[email protected]" target="_blank">[email protected]</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
In short: you can't.<br><br>
<br><br>
Browsers may send origin/referer/.. headers depending on the type of request, but you can't rely on them to be real or even just there.<div class="HOEnZb"><div class="h5"><br><br>
<br><br>
On 10/09/2013 05:30 PM, Lee Sylvester wrote:<br><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Thank you. I couldn't work out if that's the host being called from or the host name in the request. For example, a store called <a href="http://things.com/" target="_blank">things.com</a> makes a request to my service on <a href="http://widgets.net/" target="_blank">widgets.net</a>. I need to see that the request is made FROM <a href="http://things.com/" target="_blank">things.com</a> for validation purposes. Is it correct that host will provide this?<br><br>
<br>
<br>
<br><br>
Thanks,<br><br>
Lee<br><br>
<br><br>
Sent from my iPhone<br><br>
<br><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
On Oct 9, 2013, at 2:31 PM, Loïc Hoguin &lt;<a href="mailto:[email protected]" target="_blank">[email protected]</a>&gt; wrote:<br><br>
<br><br>
cowboy_req:host/1?<br><br>
<br><br>
Please use the nice manual we have now.<br><br>
<br><br>
<a href="http://ninenines.eu/docs/en/cowboy/HEAD/manual/cowboy_req" target="_blank">http://ninenines.eu/docs/en/cowboy/HEAD/manual/cowboy_req</a><br><br>
<br><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
On 10/09/2013 03:27 PM, Lee Sylvester wrote:<br><br>
Hi,<br><br>
<br><br>
When receiving a Cowboy request, is there a way to find out which hostname the user made the request from? I'm using CORS in my REST and Bullet app, where each call can be made through a given account. However, I'd like to be able to lock requests for each account to a designated hostname to protect that user's account usage.<br><br>
<br>
<br>
<br><br>
Thanks,<br><br>
Lee<br><br>
<br><br>
______________________________<u></u>_________________<br><br>
Extend mailing list<br><br>
<a href="mailto:[email protected]" target="_blank">[email protected]</a><br><br>
<a href="http://lists.ninenines.eu:81/listinfo/extend" target="_blank">http://lists.ninenines.eu:81/<u></u>listinfo/extend</a><br><br>
</blockquote><br>
<br><br>
<br><br>
--<br><br>
Loïc Hoguin<br><br>
Erlang Cowboy<br><br>
Nine Nines<br><br>
<a href="http://ninenines.eu/" target="_blank">http://ninenines.eu</a><br><br>
</blockquote></blockquote><br>
<br><br>
<br><br>
-- <br><br>
Loïc Hoguin<br><br>
Erlang Cowboy<br><br>
Nine Nines<br><br>
<a href="http://ninenines.eu/" target="_blank">http://ninenines.eu</a><br><br>
</div></div></blockquote></div><br></div><br>
</blockquote></div><br></div></body></html>
</tt>
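The per-account check described in this thread, as an added example (not code from the thread or from Cowboy): the request's Origin header is compared by exact match against the origins registered for the account, and CORS headers are returned only on a match. As noted in the thread, the header can be absent or made up by non-browser clients, so this limits which sites' scripts can read responses in a browser rather than proving who is calling. It assumes the handler has already read the Origin header as a binary (`undefined` when absent); the module name, account ids and registered origins are hypothetical.

```erlang
-module(origin_check).
-export([cors_headers/2, demo/0]).

%% Constructed sample data: origins registered per account (hypothetical ids).
registered_origins(<<"acct-things">>) ->
    [<<"https://things.com">>, <<"https://www.things.com">>];
registered_origins(_) ->
    [].

%% Origin is the raw header value (a binary), or 'undefined' when the
%% client sent none. Returns the CORS headers to add to the response.
cors_headers(_Account, undefined) ->
    [];
cors_headers(Account, Origin) when is_binary(Origin) ->
    Normalised = string:lowercase(Origin),
    %% Exact match on scheme://host[:port]; no suffix or substring tests.
    case lists:member(Normalised, registered_origins(Account)) of
        true ->
            %% Echo the single matched origin, never "*", and tell caches
            %% that the response varies with the Origin header.
            [{<<"access-control-allow-origin">>, Normalised},
             {<<"vary">>, <<"origin">>}];
        false ->
            []
    end.

%% Each line is a pattern match that crashes if the result differs.
demo() ->
    [{<<"access-control-allow-origin">>, <<"https://things.com">>}, _] =
        cors_headers(<<"acct-things">>, <<"https://things.com">>),
    %% Look-alike hosts fail an exact match; a suffix or substring
    %% comparison on "things.com" would have accepted both.
    [] = cors_headers(<<"acct-things">>, <<"https://things.com.example.net">>),
    [] = cors_headers(<<"acct-things">>, <<"https://notthings.com">>),
    %% The scheme is part of the origin.
    [] = cors_headers(<<"acct-things">>, <<"http://things.com">>),
    %% Sandboxed frames send "null"; other clients may send nothing.
    [] = cors_headers(<<"acct-things">>, <<"null">>),
    [] = cors_headers(<<"acct-things">>, undefined),
    %% An origin registered to one account grants nothing on another.
    [] = cors_headers(<<"acct-other">>, <<"https://things.com">>),
    ok.
```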