Before and after the end of the separation, how to prohibit others call interface?-CodePudding

The back-end using springboot framework

CodePudding user response:

Is it banned all or ban someone said

CodePudding user response:

reference 1/f, turbulence bligh male response:

is ban all still say one person

all, only allow yourself to allow calls

CodePudding user response:

At the time of access interface, in the HTTP header with a head, above the background data returned after verification

CodePudding user response:

General will add you in the HTTP header of the definition of front end encryption, decryption certification, the back-end to the header, others don't know your way of encryption nature also can't call,

CodePudding user response:

reference park, 4/f, bank reply:

general will add you in the HTTP header of the definition of front end encryption, decryption certification, the back-end to the header, others don't know your way of encryption nature also can't call,

Front end encryption is not clear? Should be able to know encryption? Actually don't know if it doesn't matter, anyway the front-end of js encryption can also be called directly

CodePudding user response:

Backend set cross-domain restrictions, only allow domain access ahead of your own

CodePudding user response:

The header with token

CodePudding user response:

Server-side cross-domain support setting specified IP access, similar to the white list, gm agreed encryption way is before and after the end, put the authentication information to request, the back-end to inspection by the support access interface, and login is a truth, intercept all illegal users, and the illegal users to join the blacklist, under the proposal, by the way to understand the web security, against malicious access, and hackers, do some necessary service security work

CodePudding user response:

We can see JWT next spring