Block api for public #1331
If you want to merely prevent other websites from firing requests against your API you can look into setting CORS headers. Note that these do not apply to other ways your API can be accessed, like via scripts. The only way to block an API from public access on the web in general is through some form of authentication. That requires some sort of authenticated login/account before the API will serve any result. The client usually receives some sort of token to which a secret counterpart exists on the server. But even that gives you no guarantee that all requests were made through your app. A logged-in user could just grab the token and use it to fire requests via curl. That's not a limitation unique to Fresh, but rather how the web works.
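The distinction drawn in the answer above, as an added example that is not part of the original discussion or Fresh's own code: a handler built on the standard Request/Response API that sets a CORS header for the app's origin but relies on a bearer token for access control. `APP_ORIGIN`, `SESSIONS`, the token and the URLs are constructed for illustration, and preflight (OPTIONS) handling is omitted.

```typescript
// Added example: framework-agnostic handler on the standard Request/Response API.
// APP_ORIGIN, SESSIONS and the token value are constructed for illustration.
const APP_ORIGIN = "https://app.example";
const SESSIONS = new Map<string, string>([["tok-constructed-123", "alice"]]); // token -> user

function apiHandler(req: Request): Response {
  const headers = new Headers({ "Vary": "Origin" });
  // CORS: only tells *browsers* which origins may read the response.
  if (req.headers.get("Origin") === APP_ORIGIN) {
    headers.set("Access-Control-Allow-Origin", APP_ORIGIN);
  }
  // Authentication: the only check the server itself enforces.
  const auth = req.headers.get("Authorization") ?? "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : "";
  const user = SESSIONS.get(token);
  if (!user) {
    headers.set("WWW-Authenticate", "Bearer");
    return new Response("unauthorized", { status: 401, headers });
  }
  return new Response(`hello ${user}`, { status: 200, headers });
}

// Constructed requests covering the cases from the answer.
function demo() {
  const url = "https://api.example/api/data";
  const bearer = { Authorization: "Bearer tok-constructed-123" };
  return {
    // Script client (no Origin header, no token): CORS is irrelevant, auth rejects it.
    scriptNoToken: apiHandler(new Request(url)),
    // Browser on another site without a token: rejected, and no CORS grant either.
    otherSite: apiHandler(new Request(url, { headers: { Origin: "https://other.example" } })),
    // The app itself, carrying a logged-in user's token.
    app: apiHandler(new Request(url, { headers: { Origin: APP_ORIGIN, ...bearer } })),
    // Same token replayed from a script: indistinguishable from the app, so it succeeds.
    scriptWithToken: apiHandler(new Request(url, { headers: bearer })),
  };
}
```

The last case returns 200 by design: the server can verify the token, not which client sent it, so short token lifetimes and per-user rate limits are the controls that bound replay.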
Hey, what is the best way to block the API (routes/api) from public access? And make it only available from the app?