ZF2 - Check referer in API call

I want to write an internal REST API which returns some json data. How can I protect that API call, that it only can get called by the same domain? Should I do it with a dispatch listener?

Thanks!

Answers


You could indeed create a guard (an event listener). You can have a look at BjyAuthorize to see how it's implemented there: https://github.com/bjyoungblood/BjyAuthorize/blob/master/src/BjyAuthorize/Guard/Controller.php

Other than that, I'm not sure but how about trying server things? Like Same Origin Policy or CORS headers?


Need Your Help

ui-grid inside ui-grid in a cell template - angularjs

angularjs ui-grid

I would like to design a ui-grid inside another ui-grid (ui-grid inside a cellTemplate)