Hello,
How do i whitelist/blacklist domains in webApp? Assume I have something like:
WebApp.connectHandlers.use('/subscribe', async (req, res) => {
const body = await bodyParser(req);
if (body) {
doAwesomeStuff(body);
res.setHeader('Access-Control-Allow-Origin', '*');
res.writeHead(200);
res.end();
} else {
res.setHeader('Access-Control-Allow-Origin', '*');
res.writeHead(500);
res.end();
}
});
Specifically, i want users in the browser to NOT be able to go to app.my-site.com/subscribe, BUT I want users on my website @ www.my-site.com/subscribe-landing-page to be able to, on an onSubmit event, be able to HTTP post to app.my-site.com/subscribe
How do I whitelist any POST (or api really) request coming from my-site.com to be properly handled, while redirecting any browser request to my-site.com/404.html
(1) Would the only way to do this be nginx trickery, or can i whitelist/blacklist in WebApp? Anyone have any suggestions.
(2) Iād also like to follow this patter for my login. I think it is safe, because while my post from the login page will have username and password, it will be going from https://www.my-site.com/login-landing-page to https://app.my-site.com/root or whatever. Is this a legit pattern?
Advice/pointers appreciated.