Forum: Ruby Domain based restriction

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
336e7a036044bd73ade5d230d611edfd?d=identicon&s=25 Brian Zzzzzz (internets)
on 2009-02-25 08:59

I'm working on an application where I allow users to embed a uniquely
generated block of js code which also includes an swf file on their own
domain. I have a setup where a user enters their domain in my
application, I generate a random key to associate with the user / domain
and I generate a block of js code for them to copy / embed on their
domain. I'm not sure how to "check the referring domain"...

How could I go about preventing non-authorized domains from embedding
this code?

I guess what I'm looking for is something like "URL based restriction".

I would like to somehow verify the domain before the js / swf file loads
on the user's domain. If the domain is invalid then display an error and
do not load the code / swf.

Is it best to do this with some sort of ajax call? Is there a better
approach? Are there any modules / plugins to assist with this

This seems kind of like the google maps API but unique for each user /

Or is there a way to create a "white list" of acceptable domains that
can embed the code? I thought about generating a unique js file for each
user but that seems a but cumbersome / brittle. And what's to stop
someone from viewing the source of the js file, modifying it / removing
the "url authentication" and using it as they please?

Any suggestions appreciated.

Thank you.
753dcb78b3a3651127665da4bed3c782?d=identicon&s=25 Brian Candler (candlerb)
on 2009-02-25 14:07
The word "Ruby" didn't appear once in your posting - perhaps you should
try another forum.

If you are using some Ruby-based web application framework (e.g. Rails,
Merb, Sinatra etc) then you could try posting in one of those forums.
But to be honest this sounds more like a general web development
This topic is locked and can not be replied to.