Hello,
I’m working on an application where I allow users to embed a uniquely
generated block of js code which also includes an swf file on their own
domain. I have a setup where a user enters their domain in my
application, I generate a random key to associate with the user / domain
and I generate a block of js code for them to copy / embed on their
domain. I’m not sure how to “check the referring domain”…
How could I go about preventing non-authorized domains from embedding
this code?
I guess what I’m looking for is something like “URL based restriction”.
I would like to somehow verify the domain before the js / swf file loads
on the user’s domain. If the domain is invalid then display an error and
do not load the code / swf.
Is it best to do this with some sort of ajax call? Is there a better
approach? Are there any modules / plugins to assist with this
functionality?
This seems kind of like the google maps API but unique for each user /
domain.
Or is there a way to create a “white list” of acceptable domains that
can embed the code? I thought about generating a unique js file for each
user but that seems a bit cumbersome / brittle. And what’s to stop
someone from viewing the source of the js file, modifying it / removing
the “url authentication” and using it as they please?
Any suggestions appreciated.
Thank you.
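
One way to do the check described in the post, as an added example that is not part of the original post: the server that hands out the js / swf compares the browser-sent `Origin` or `Referer` header with the domain registered for the embed key. The registry contents, key names, function names and the decision to accept subdomains are all assumptions made for illustration.

```javascript
// Added example: server-side check that an embed key is used from its registered domain.
// The keys and domains below are constructed sample data.
const EMBED_REGISTRY = new Map([
  ["k_3f9a1c", "example-customer.test"],
  ["k_77b2e0", "shop.example.test"],
]);

// Extract the lowercase hostname from an Origin or Referer header value.
// Returns null for missing, opaque ("null") or non-http(s) values.
function hostFromHeader(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  try {
    const url = new URL(value);
    if (url.protocol !== "http:" && url.protocol !== "https:") return null;
    return url.hostname.toLowerCase().replace(/\.$/, "");
  } catch {
    return null; // not a parseable absolute URL
  }
}

// Exact match, or a subdomain of the registered domain (assumption: subdomains allowed).
// The leading dot keeps "evilexample-customer.test" from matching.
function hostMatches(host, registered) {
  return host === registered || host.endsWith("." + registered);
}

// Decide whether a request for the embed assets may be served.
// headers: object with lowercase header names, as Node's http module provides.
function authorizeEmbed(key, headers, registry = EMBED_REGISTRY) {
  const registered = registry.get(key);
  if (!registered) return { ok: false, reason: "unknown-key" };
  // Prefer Origin; fall back to Referer, which carries a full URL.
  const host = hostFromHeader(headers.origin) || hostFromHeader(headers.referer);
  if (!host) return { ok: false, reason: "no-origin-or-referer" };
  if (!hostMatches(host, registered)) return { ok: false, reason: "domain-mismatch" };
  return { ok: true, host };
}
```

Because the comparison runs on the server before the assets are returned, editing the embedded js in the page source does not remove it. Both headers are supplied by the client, so this restricts embedding in ordinary browsers but does not authenticate non-browser clients, which can send any value.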