Possible to make subdomain only accessible through 'embed'

Jore community at thoughtmaybe.com
Thu Mar 18 12:43:54 UTC 2021


Hi there,

Thank you for the suggestion.

Jore


On 18/3/21 1:59 am, Ian Hobson wrote:
> Hi,
>
> I have not tried it, but I believe if you set a cookie
> on .domain.com to say that they are logged in (Note the leading .) , 
> then you can read that cookie in all sub-domains, and check they are 
> logged in to domain.com.
>
> You might have to use domain.com, instead of docs.domain.com for the 
> outer level.
>
> RFC6265 is the standard that modern browsers follow
> https://tools.ietf.org/html/rfc6265
>
> The clause you might need in your server {} are of nginx is
>
> if ($cookie_fileURI != "mymagicvalue") { return 403; }
>
> Where "mymagicvalue" was put in the cookie upon successful login.
>
> Regards
>
> Ian
>
> On 12/03/2021 20:56, Jore wrote:
>> Hi there,
>>
>> I have pages served from "embed.domain.com" that I'd only like to be 
>> accessible when they're embedded in files served from "docs.domain.com"
>>
>> Visualisation below:
>>
>> Is it possible to lock down "embed.domain.com" so it can only be 
>> accessed through "docs.domain.com"?
>>
>> Can this be done with nginx conf or another method?
>>
>> Thank you!
>> Jore
>>
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210318/2b5a9223/attachment.htm>


More information about the nginx mailing list