Domain based restriction



I’m working on an application where I allow users to embed a uniquely
generated block of js code which also includes an swf file on their own
domain. I have a setup where a user enters their domain in my
application, I generate a random key to associate with the user / domain
and I generate a block of js code for them to copy / embed on their
domain. I’m not sure how to “check the referring domain”…

How could I go about preventing non-authorized domains from embedding
this code?

I guess what I’m looking for is something like “URL based restriction”.

I would like to somehow verify the domain before the js / swf file loads
on the user’s domain. If the domain is invalid then display an error and
do not load the code / swf.

Is it best to do this with some sort of ajax call? Is there a better
approach? Are there any modules / plugins to assist with this?

This seems kind of like the google maps API but unique for each user /

Or is there a way to create a “white list” of acceptable domains that
can embed the code? I thought about generating a unique js file for each
user but that seems a bit cumbersome / brittle. And what’s to stop
someone from viewing the source of the js file, modifying it / removing
the “url authentication” and using it as they please?

Any suggestions appreciated.

Thank you.
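
Added example, not part of the original post: a server-side version of the "check the referring domain" step, so that editing the embedded js cannot remove the check. The keys, domains and function names are constructed for illustration, and allowing subdomains of the registered domain is an assumption.

```ruby
require "uri"

# Constructed sample registry: embed key => domain the user registered.
# Keys and domains are made up for this example.
REGISTERED = {
  "k_3f9a1c" => "example.com",
  "k_77b2e0" => "shop.example.org",
}.freeze

# Extract the lowercase host from an Origin or Referer header value.
# Returns nil for missing, malformed or non-http(s) values (e.g. "null").
def header_host(value)
  return nil if value.nil? || value.strip.empty?
  uri = URI.parse(value.strip)
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  uri.host.downcase.chomp(".")
rescue URI::InvalidURIError
  nil
end

# True when host is the registered domain or a subdomain of it.
# Matching on a label boundary keeps "evilexample.com" and
# "example.com.attacker.test" from passing as "example.com".
def host_allowed?(host, registered)
  registered = registered.downcase
  host == registered || host.end_with?("." + registered)
end

# Decide on the server whether to serve the js / swf for this key.
# Returns [allowed, reason]; the caller serves an error when not allowed.
def authorize_embed(key, origin: nil, referer: nil)
  registered = REGISTERED[key]
  return [false, :unknown_key] unless registered
  host = header_host(origin) || header_host(referer)
  return [false, :no_referring_domain] unless host
  return [false, :domain_mismatch] unless host_allowed?(host, registered)
  [true, :ok]
end
```

Origin and Referer are set by the visitor's browser, so this limits embedding on other sites' pages; a non-browser client can send any header value, and some browsers or privacy settings omit Referer entirely.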


The word “Ruby” didn’t appear once in your posting - perhaps you should
try another forum.

If you are using some Ruby-based web application framework (e.g. Rails,
Merb, Sinatra etc) then you could try posting in one of those forums.
But to be honest this sounds more like a general web development