<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi there,</p>
<p>Thank you for the suggestion.</p>
<p>Jore</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 18/3/21 1:59 am, Ian Hobson wrote:<br>
</div>
<blockquote type="cite"
cite="mid:9b256bf5-8aae-6f00-8c2c-f59546cb141c@gmail.com">Hi,
<br>
<br>
I have not tried it, but I believe if you set a cookie
<br>
on .domain.com to say that they are logged in (Note the leading .)
, then you can read that cookie in all sub-domains, and check they
are logged in to domain.com.
<br>
<br>
You might have to use domain.com, instead of docs.domain.com for
the outer level.
<br>
<br>
RFC6265 is the standard that modern browsers follow
<br>
<a class="moz-txt-link-freetext" href="https://tools.ietf.org/html/rfc6265">https://tools.ietf.org/html/rfc6265</a>
<br>
<br>
The clause you might need in your server {} are of nginx is
<br>
<br>
if ($cookie_fileURI != "mymagicvalue") { return 403; }
<br>
<br>
Where "mymagicvalue" was put in the cookie upon successful login.
<br>
<br>
Regards
<br>
<br>
Ian
<br>
<br>
On 12/03/2021 20:56, Jore wrote:
<br>
<blockquote type="cite">Hi there,
<br>
<br>
I have pages served from "embed.domain.com" that I'd only like
to be accessible when they're embedded in files served from
"docs.domain.com"
<br>
<br>
Visualisation below:
<br>
<br>
Is it possible to lock down "embed.domain.com" so it can only be
accessed through "docs.domain.com"?
<br>
<br>
Can this be done with nginx conf or another method?
<br>
<br>
Thank you!
<br>
Jore
<br>
<br>
<br>
<br>
<br>
_______________________________________________
<br>
nginx mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a>
<br>
<br>
</blockquote>
<br>
</blockquote>
</body>
</html>