[99s-extend] Cowboy Calling Hostname

Lee Sylvester lee.sylvester at gmail.com
Wed Oct 9 19:28:40 CEST 2013

Previous message: [99s-extend] Cowboy Calling Hostname
Next message: [99s-extend] Cowboy Calling Hostname
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Essentially, the REST service endpoint would be on widgets.net while the clients website, in this case things.com, has a JavaScript that makes an AJAX call to widgets.net.  The account on widgets.net for things.com will have the things.com domain registered to its account, so that widgets.net can check to see if the request is coming from an expected domain.

Thanks,
Lee


On 9 Oct 2013, at 16:51, Nathan Michaels <nathan at nmichaels.org> wrote:

> Is the client making the request to your service on widgets.net because things.com sent them there, or is things.com making the request directly on behalf of the client? The first is what Loïc is talking about. The second is the source IP of the request, which you can definitely get.
> 
> 
> On Wed, Oct 9, 2013 at 11:32 AM, Loïc Hoguin <essen at ninenines.eu> wrote:
> In short: you can't.
> 
> Browsers may send origin/referer/.. headers depending on the type of request, but you can't rely on them to be real or even just there.
> 
> 
> On 10/09/2013 05:30 PM, Lee Sylvester wrote:
> Thank you.  I couldn't work out if that's the host being called from or the host name in the request.  For example, a store called things.com makes a request to my service on widgets.net.  I need to see that the request is made FROM things.com for validation purposes. Is it correct that host will provide this?
> 
> Thanks,
> Lee
> 
> Sent from my iPhone
> 
> On Oct 9, 2013, at 2:31 PM, Loïc Hoguin <essen at ninenines.eu> wrote:
> 
> cowboy_req:host/1?
> 
> Please use the nice manual we have now.
> 
>   http://ninenines.eu/docs/en/cowboy/HEAD/manual/cowboy_req
> 
> On 10/09/2013 03:27 PM, Lee Sylvester wrote:
> Hi,
> 
> When receiving a Cowboy request, is there a way to find out which hostname the user made the request from?  I'm using CORS in my REST and Bullet app, where each call can be made through a given account.  However, I'd like to be able to lock requests for each account to a designated hostname to protect that users account usage.
> 
> Thanks,
> Lee
> 
> _______________________________________________
> Extend mailing list
> Extend at lists.ninenines.eu
> http://lists.ninenines.eu:81/listinfo/extend
> 
> 
> --
> Loïc Hoguin
> Erlang Cowboy
> Nine Nines
> http://ninenines.eu
> 
> 
> -- 
> Loïc Hoguin
> Erlang Cowboy
> Nine Nines
> http://ninenines.eu
> _______________________________________________
> Extend mailing list
> Extend at lists.ninenines.eu
> http://lists.ninenines.eu:81/listinfo/extend
> 
> _______________________________________________
> Extend mailing list
> Extend at lists.ninenines.eu
> http://lists.ninenines.eu:81/listinfo/extend

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ninenines.eu/archives/extend/attachments/20131009/7c03cefc/attachment.html>

Previous message: [99s-extend] Cowboy Calling Hostname
Next message: [99s-extend] Cowboy Calling Hostname
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Extend mailing list