Protect guest user in api calls | Laravel

Time:05-21

Good morning. I have the following problem. In building an e-commerce site with Laravel and Vue.js, I want to protect the API call for the products for guest users as well. That is, the route "http://domain/api/product.com" can at the moment be called from any device to retrieve the JSON of the products. My goal is that the user, even as a guest, can retrieve the products, but only within the site; otherwise millions of simultaneous calls could be launched from outside if the route were accessible anywhere. Is it possible to do this with Sanctum or Passport, or are there other solutions?

CodePudding user response:

If I understood right, the CORS accept header will do the trick. Just add a CORS policy to the Laravel program and set the Access-Control-Allow-Origin header to your domain "http://domain/api/product.com"

More details on CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

More details on how to do it in Laravel: https://www.stackhawk.com/blog/laravel-cors/

EDIT: good point by ml59, I would as well suggest writing up some simple middleware with an IP whitelist. An example can be found here: https://learn2torials.com/a/block-whitelist-ip-address-in-laravel
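
An added example, not part of the original answer: the CORS policy the answer describes, written as a Laravel `config/cors.php` with the permissive setting shown beside the restricted one. It assumes a Laravel version that ships `config/cors.php`, and `https://shop.example` is a placeholder for the storefront's origin.

```php
<?php
// config/cors.php
// Added example. https://shop.example is a placeholder origin, not a value
// from the original post.

return [
    // Apply the CORS policy to the API routes only.
    'paths' => ['api/*'],

    // The product listing is read-only for guests, so only GET is offered
    // to cross-origin callers.
    'allowed_methods' => ['GET'],

    // Permissive setting: JavaScript running on any site may read the
    // product JSON in a visitor's browser.
    // 'allowed_origins' => ['*'],

    // Restricted setting: only pages served from the storefront may read
    // the response. An origin is scheme + host (+ port) with no path, so
    // the value is the site itself, not the URL of the products route.
    'allowed_origins' => ['https://shop.example'],

    // No wildcard or regex origins.
    'allowed_origins_patterns' => [],

    // Request headers the Vue front end is allowed to send.
    'allowed_headers' => ['Content-Type', 'X-Requested-With'],

    // No response headers beyond the CORS-safelisted ones are exposed to scripts.
    'exposed_headers' => [],

    // Let browsers cache the preflight result for 10 minutes.
    'max_age' => 600,

    // Guests carry no cookies or tokens, so credentialed CORS stays off.
    'supports_credentials' => false,
];
```

Browsers enforce this header when a script on another origin tries to read the response. The server still answers clients that do not apply CORS, which is where server-side checks such as the middleware mentioned in the answer's edit come in.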
