Block access to javascript files

4

I have a javascript file that does ajax requests for my API, but I do not want anyone to find out the link to it, is there any way to block access to this file?

If you do not have some way to release so only the site can access?

    
asked by anonymous 08.06.2015 / 03:21

2 answers

6

At the time the AJAX request is performed, it will always be possible to crawl. Because, the origin of the request is made at the client. So what you can do is do a validation on the server.

Example:

Let's say you're ordering from the site: link

In the index.php file, you can have a PHP statement that checks whether the source of the request is www.testandoapi.com.

<?php
  if( $_SERVER['HTTP_ORIGIN'] === 'www.testandoapi.com.br' ){ 
     //seu codigo aqui
  }
?>

This will cause only requests coming from the www.testandoapi.com.br domain to be executed.

Note: The above solution is not immune to faults, there are other aspects that should be taken into account.

Complementing the above solution, you can work with Token as well. But for this, it will be necessary to define some criteria:

  • Whether or not to generate Token , for all who access the site.
  • The frequency of Token .
  • You can have other items to set, worth considering the context that your API will be used.

        
    08.06.2015 / 04:16
    0

    You must provide security on the server side, allowing only those who can access the address action. The "link" can be discovered in any way when the user's request is made, simply by monitoring the requests in the browser itself.

        
    08.06.2015 / 03:57