Possible to make subdomain only accessible through 'embed'

Ian Hobson hobson42 at gmail.com
Wed Mar 17 14:59:11 UTC 2021


I have not tried it, but I believe if you set a cookie
on .domain.com to say that they are logged in (Note the leading .) , 
then you can read that cookie in all sub-domains, and check they are 
logged in to domain.com.

You might have to use domain.com, instead of docs.domain.com for the 
outer level.

RFC6265 is the standard that modern browsers follow

The clause you might need in your server {} are of nginx is

if ($cookie_fileURI != "mymagicvalue") { return 403; }

Where "mymagicvalue" was put in the cookie upon successful login.



On 12/03/2021 20:56, Jore wrote:
> Hi there,
> I have pages served from "embed.domain.com" that I'd only like to be 
> accessible when they're embedded in files served from "docs.domain.com"
> Visualisation below:
> Is it possible to lock down "embed.domain.com" so it can only be 
> accessed through "docs.domain.com"?
> Can this be done with nginx conf or another method?
> Thank you!
> Jore
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Ian Hobson
Tel (+351) 910 418 473

This email has been checked for viruses by AVG.

More information about the nginx mailing list