Only allow requests from single site in Django Rest Framework
up vote
0
down vote
favorite
For illustrative purposes let's say I have a website at https://www.signup.com
that let's users sign up for an email list. After the user enters their email and hits 'Submit,' signup.com
sends POST
request to a Django Rest Framework API hosted at https://www.manager.com
:
{ "email" : "fake@whatever.com" }
Then the server adds that email to the database.
My question is: what's the best way to ensure that only signup.com
is able to successfully send POST
requests to manager.com
?
django django-rest-framework
add a comment |
up vote
0
down vote
favorite
For illustrative purposes let's say I have a website at https://www.signup.com
that let's users sign up for an email list. After the user enters their email and hits 'Submit,' signup.com
sends POST
request to a Django Rest Framework API hosted at https://www.manager.com
:
{ "email" : "fake@whatever.com" }
Then the server adds that email to the database.
My question is: what's the best way to ensure that only signup.com
is able to successfully send POST
requests to manager.com
?
django django-rest-framework
I would have a look at CORS and especially the Access Control Allow Origin option.
– Derlin
yesterday
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
For illustrative purposes let's say I have a website at https://www.signup.com
that let's users sign up for an email list. After the user enters their email and hits 'Submit,' signup.com
sends POST
request to a Django Rest Framework API hosted at https://www.manager.com
:
{ "email" : "fake@whatever.com" }
Then the server adds that email to the database.
My question is: what's the best way to ensure that only signup.com
is able to successfully send POST
requests to manager.com
?
django django-rest-framework
For illustrative purposes let's say I have a website at https://www.signup.com
that let's users sign up for an email list. After the user enters their email and hits 'Submit,' signup.com
sends POST
request to a Django Rest Framework API hosted at https://www.manager.com
:
{ "email" : "fake@whatever.com" }
Then the server adds that email to the database.
My question is: what's the best way to ensure that only signup.com
is able to successfully send POST
requests to manager.com
?
django django-rest-framework
django django-rest-framework
asked yesterday
garrettedel
5814
5814
I would have a look at CORS and especially the Access Control Allow Origin option.
– Derlin
yesterday
add a comment |
I would have a look at CORS and especially the Access Control Allow Origin option.
– Derlin
yesterday
I would have a look at CORS and especially the Access Control Allow Origin option.
– Derlin
yesterday
I would have a look at CORS and especially the Access Control Allow Origin option.
– Derlin
yesterday
add a comment |
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53401772%2fonly-allow-requests-from-single-site-in-django-rest-framework%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I would have a look at CORS and especially the Access Control Allow Origin option.
– Derlin
yesterday