[99s-extend] Cowboy Calling Hostname

[Loïc Hoguin]

In short: you can't.

Browsers may send origin/referer/.. headers depending on the type of 
request, but you can't rely on them to be real or even just there.

On 10/09/2013 05:30 PM, Lee Sylvester wrote:
> Thank you.  I couldn't work out if that's the host being called from or the host name in the request.  For example, a store called things.com makes a request to my service on widgets.net.  I need to see that the request is made FROM things.com for validation purposes. Is it correct that host will provide this?
>
> Thanks,
> Lee
>
> Sent from my iPhone
>
>> On Oct 9, 2013, at 2:31 PM, Loïc Hoguin <essen at ninenines.eu> wrote:
>>
>> cowboy_req:host/1?
>>
>> Please use the nice manual we have now.
>>
>>   http://ninenines.eu/docs/en/cowboy/HEAD/manual/cowboy_req
>>
>>> On 10/09/2013 03:27 PM, Lee Sylvester wrote:
>>> Hi,
>>>
>>> When receiving a Cowboy request, is there a way to find out which hostname the user made the request from?  I'm using CORS in my REST and Bullet app, where each call can be made through a given account.  However, I'd like to be able to lock requests for each account to a designated hostname to protect that users account usage.
>>>
>>> Thanks,
>>> Lee
>>>
>>> _______________________________________________
>>> Extend mailing list
>>> Extend at lists.ninenines.eu
>>> http://lists.ninenines.eu:81/listinfo/extend
>>
>>
>> --
>> Loïc Hoguin
>> Erlang Cowboy
>> Nine Nines
>> http://ninenines.eu


-- 
Loïc Hoguin
Erlang Cowboy
Nine Nines
http://ninenines.eu