Home > Software engineering >  Protect guest user in api calls | Laravel
Protect guest user in api calls | Laravel

Time:05-21

Good morning. I have the following problem. In building an ecommerce with Laravel and Vue js., I want to protect the API call of the products also for the guest users. In the sense, the route "http://domain/api/product.com" at the moment could be launched from any device and retrieve the json of the products. My goal is that the user, even as a guest, can retrieve the products, but only within the site, otherwise millions of simultaneous calls could be launched from the outside if the route was accessible anywhere. Is it possible to do this with Sanctum or Passport, or are there other solutions?

CodePudding user response:

If i understood right, CORS accept header will do the trick. Just add CORS policy to Laravel program and set Acess-Control-Allow-Origin header to your domain "http://domain/api/product.com"

More details on CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

More details on how to do it in Laravel: https://www.stackhawk.com/blog/laravel-cors/

EDIT: good point by ml59, i would as well suggest writing up some simple middleware with IP whitelist. Example can be found here: https://learn2torials.com/a/block-whitelist-ip-address-in-laravel

Page link:https//www.codepudding.com/Softwareengineering/414161.html

Prev:How to add DATE_ADD in query on laravel
Next:Set a faker value less than another faker field
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding