Hello, I'm working on an application where I allow users to embed a uniquely generated block of js code which also includes an swf file on their own domain. I have a setup where a user enters their domain in my application, I generate a random key to associate with the user / domain and I generate a block of js code for them to copy / embed on their domain. I'm not sure how to "check the referring domain"... How could I go about preventing non-authorized domains from embedding this code? I guess what I'm looking for is something like "URL based restriction". I would like to somehow verify the domain before the js / swf file loads on the user's domain. If the domain is invalid then display an error and do not load the code / swf. Is it best to do this with some sort of ajax call? Is there a better approach? Are there any modules / plugins to assist with this functionality? This seems kind of like the google maps API but unique for each user / domain. Or is there a way to create a "white list" of acceptable domains that can embed the code? I thought about generating a unique js file for each user but that seems a but cumbersome / brittle. And what's to stop someone from viewing the source of the js file, modifying it / removing the "url authentication" and using it as they please? Any suggestions appreciated. Thank you.
on 2009-02-25 08:59
on 2009-02-25 14:07
The word "Ruby" didn't appear once in your posting - perhaps you should try another forum. If you are using some Ruby-based web application framework (e.g. Rails, Merb, Sinatra etc) then you could try posting in one of those forums. But to be honest this sounds more like a general web development question.