Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
2.1k views
in Technique[技术] by (71.8m points)

Restrict Laravel API access to given frontend(s) only

I'm using Laravel as API with Passport and Password Grant Token.

When no user is logged in, frontends still needs to access API routes to get misc data or to register a user. How should I protect these routes, used by a given frontend (set in api.php), to be only accessible by a frontend ?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You can restrict access to your API in the cors.php configuration file. You can set which domains are allowed to access your API in the allowed_origins header. It's a very easy way to achieve this without much hassle.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...