Private location does not work

Francis Daly francis at daoine.org
Mon Feb 20 12:35:02 UTC 2023


On Sun, Feb 19, 2023 at 09:33:46AM -0500, Saint Michael wrote:

Hi there,

> it does not work:
> 404 Not Found

It appears that you are not asking "how do I ensure that a location{}
can only be used for internal redirects/requests".

> in the public location,  /carrier_00163e1bb23c, I have
> <iframe src="/asrxxxx">
>     Your browser does not support iframes
> </iframe>

> so how do I block the public from looking at my HTML and executing directly
> /asrxxxx?

You don't.

> Is this a bug?

It's a misunderstanding on your part of how the requests from the browser
to the server work.

Right now, your question is "how do I block people from accessing a
URL, while also allowing them to access the URL". And the answer is
"you can't, reliably".

The thing that you want to achieve, can't be achieved using the plan
that you are currently following.

In the tradition of "the XY problem": if you will describe the thing
that you want to achieve, instead of just a part of the current thing
that you are doing to attempt to achieve it, then it may be that someone
can suggest a way to achieve it.

I do see a later mail that has some more details; but on first glance
it seems to be describing your current solution, rather than the problem.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list