0

Say I have a server abc:8080 and a website web.org that make requests to abc:8080..

I only want abc:8080 to be accessible through web.org.. Users are disallowed from navigating to abc:8080 without being on the allowed origin 'web.org'. Is this possible?

django-cors-headers specific answer would be awesome!

Improve this question
0

1 Answer 1

Reset to default
-1

From what I understood is that your abc:8080 is acting as a backend server providing APIs and web.org is let's say your frontend server consuming those APIs.

I assume you have django-cors-headers installed on abc:8080

Adding web.org to django settings variable CORS_ALLOWED_ORIGINS in 'abc:8080' project should do the job

CORS_ALLOWED_ORIGINS = [
    "web.org",
    
]
Improve this answer
4
  • Yep I have those set. Those only enable strict allowing access from web.org, but it still doesn't prevent abc:8080 from being accessed on its own.. there's no way to prevent same origin however. So a user could still navigate to abc:8080.
    – Tiger Kaovilai
    Commented Apr 4, 2021 at 4:50
  • I believe the answer is, CORS is unable to provide such functionality. So I will need some other solution.
    – Tiger Kaovilai
    Commented Apr 4, 2021 at 4:54
  • First things first why do you want to prevent access from the same origin? And as the accronym CORS it self is about cross origin, I firmly believe it can not do anything about same origin access.
    – danish_wani
    Commented Apr 4, 2021 at 5:16
  • Just for some more obfuscation.. false sense of security
    – Tiger Kaovilai
    Commented Apr 4, 2021 at 7:28

Not the answer you're looking for? Browse other questions tagged or ask your own question.