Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

As an admistrator of the application, I want to restrict access to API by specific referrer #228

Closed
tloubrieu-jpl opened this issue Jul 15, 2021 · 0 comments · Fixed by #230
Closed

As an admistrator of the application, I want to restrict access to API by specific referrer #228

tloubrieu-jpl opened this issue Jul 15, 2021 · 0 comments · Fixed by #230
Assignees
@collinss-jpl
Labels
B12.0 p.must-have requirement the current issue is a requirement
Milestone
11.Jesse.Owens

Comments

@tloubrieu-jpl
Copy link
Member

Motivation

...so that only the web UI can access the API service.

Additional Details

The authorized referrer need to be configurable in the configuration file.

The referrer is added to the API request from the UI, see
Screen Shot 2021-07-15 at 1 55 10 PM

Acceptance Criteria

Given a deployment where authorized referrer is XXXX
When I perform a curl request on the api with option --referer XXXX
Then I expect I can access the API

Given a deployment where authorized referrer is XXXX
When I perform a curl request on the api with option --referer YYYY
Then I expect I can not access the API

(TO BE CONFIRMED, I am not absolutly sure how the referrer is set by browser)

Engineering Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@collinss-jpl collinss-jpl

Labels
B12.0 p.must-have requirement the current issue is a requirement
Projects
None yet
Milestone
11.Jesse.Owens
Development

Successfully merging a pull request may close this issue.

DOI API Referrer Check NASA-PDS/doi-service
3 participants
@jordanpadams @tloubrieu-jpl @collinss-jpl