Whitelist/Blacklist domains in WebApp [Solved]


#1

Hello,

How do I whitelist/blacklist domains in WebApp? Assume I have something like:

WebApp.connectHandlers.use('/subscribe', async (req, res) => {
  const body = await bodyParser(req);

  if (body) {
    doAwesomeStuff(body);

    res.setHeader('Access-Control-Allow-Origin', '*');
    res.writeHead(200);
    res.end();
  } else {
    res.setHeader('Access-Control-Allow-Origin', '*');
    res.writeHead(500);
    res.end();
  }
});

Specifically, I want users in the browser to NOT be able to go to app.my-site.com/subscribe, BUT I want users on my website @ www.my-site.com/subscribe-landing-page to be able, on an onSubmit event, to HTTP POST to app.my-site.com/subscribe.

How do I whitelist any POST (or API, really) request coming from my-site.com to be properly handled, while redirecting any browser request to my-site.com/404.html?

(1) Would the only way to do this be nginx trickery, or can I whitelist/blacklist in WebApp? Does anyone have any suggestions?
(2) I’d also like to follow this pattern for my login. I think it is safe, because while my POST from the login page will have username and password, it will be going from https://www.my-site.com/login-landing-page to https://app.my-site.com/root or whatever. Is this a legit pattern?

Advice/pointers appreciated.


#2

Use a parameter key.

/subscribe/?action=somethingSecret&key=f09809asjdias9d0as890dahdi8a0sid78a9sdyhansdk
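
An added example, not part of either post above: one way to do the allowlisting asked about in #1 inside a connect-style handler, by replacing the wildcard `Access-Control-Allow-Origin` with an exact-match check on the request's `Origin` header and redirecting plain browser navigation to the 404 page. The hostnames are taken from the question; `ALLOWED_ORIGINS`, `decide` and `makeSubscribeHandler` are hypothetical names.

```javascript
// Added example. Hostnames are from the question; ALLOWED_ORIGINS, decide and
// makeSubscribeHandler are hypothetical names, not Meteor APIs.
const ALLOWED_ORIGINS = new Set(['https://www.my-site.com']);
const NOT_FOUND_URL = 'https://my-site.com/404.html';

// Map the request method and Origin header to a status code and headers.
function decide(method, origin) {
  const allowed = typeof origin === 'string' && ALLOWED_ORIGINS.has(origin);
  // Echo the one matching origin instead of '*'; Vary keeps caches honest.
  const cors = { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' };
  if (method === 'OPTIONS') {
    // CORS preflight sent by the browser before a non-simple POST.
    return allowed
      ? { status: 204, headers: { ...cors,
          'Access-Control-Allow-Methods': 'POST',
          'Access-Control-Allow-Headers': 'Content-Type' } }
      : { status: 403, headers: { Vary: 'Origin' } };
  }
  if (method !== 'POST') {
    // Someone typed the URL into the address bar: send them to the 404 page.
    return { status: 302, headers: { Location: NOT_FOUND_URL } };
  }
  return allowed
    ? { status: 200, headers: cors }
    : { status: 403, headers: { Vary: 'Origin' } };
}

// Connect-style handler factory; onAccepted does the real work for allowed POSTs.
function makeSubscribeHandler(onAccepted) {
  return async (req, res) => {
    const d = decide(req.method, req.headers.origin);
    try {
      if (d.status === 200) await onAccepted(req);
    } catch (err) {
      d.status = 500; // processing failed; CORS headers stay so the page can read it
    }
    res.writeHead(d.status, d.headers);
    res.end();
  };
}

// In Meteor: WebApp.connectHandlers.use('/subscribe', makeSubscribeHandler(fn));
```

The `Origin` header is set by the browser, so this controls which pages can call the endpoint from a browser; a non-browser client can send any value, and a key placed in the page's URL or markup, as suggested in #2, is readable by anyone who views that page. For the login case in (2), the endpoint still has to verify the credentials itself.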