Possible to make subdomain only accessible through 'embed'
Ian Hobson
hobson42 at gmail.com
Wed Mar 17 14:59:11 UTC 2021
Hi,
I have not tried it, but I believe if you set a cookie
on .domain.com to say that they are logged in (Note the leading .) ,
then you can read that cookie in all sub-domains, and check they are
logged in to domain.com.
You might have to use domain.com, instead of docs.domain.com for the
outer level.
RFC6265 is the standard that modern browsers follow
https://tools.ietf.org/html/rfc6265
The clause you might need in your server {} are of nginx is
if ($cookie_fileURI != "mymagicvalue") { return 403; }
Where "mymagicvalue" was put in the cookie upon successful login.
Regards
Ian
On 12/03/2021 20:56, Jore wrote:
> Hi there,
>
> I have pages served from "embed.domain.com" that I'd only like to be
> accessible when they're embedded in files served from "docs.domain.com"
>
> Visualisation below:
>
> Is it possible to lock down "embed.domain.com" so it can only be
> accessed through "docs.domain.com"?
>
> Can this be done with nginx conf or another method?
>
> Thank you!
> Jore
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
--
Ian Hobson
Tel (+351) 910 418 473
--
This email has been checked for viruses by AVG.
https://www.avg.com
More information about the nginx
mailing list