开发者

Making REST calls only available to local applications?

开发者 https://www.devze.com 2022-12-30 21:29 出处：网络

Suppose I have a url like: http://example.com/get-users which returns a JSON object of all users. But, I don\'t want anyone (or any bots) to be able to go to this url to fetch this information. I wa

相关专题：django django-piston python rest

Suppose I have a url like:

http://example.com/get-users

which returns a JSON object of all users. But, I don't want anyone (or any bots) to be able to go to this url to fetch this information. I want it to only respond to calls from 开发者_开发知识库other local modules in the same website.

How would I go about implementing someting like this?

Compare the REMOTE_ADDR against a white list of approved IPs. If it's not in that list, simply return nothing, close the socket, or return an HTTP error.

Are you using Spring? Have considered adding a filter bean inside your context to only allow HTTP requests from your site?