Welcome toVigges Developer Community-Open, Learning,Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.8k views
in Technique[技术] by (71.8m points)

Restrict Laravel API access to given frontend(s) only

I'm using Laravel as API with Passport and Password Grant Token.

When no user is logged in, frontends still needs to access API routes to get misc data or to register a user. How should I protect these routes, used by a given frontend (set in api.php), to be only accessible by a frontend ?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You can restrict access to your API in the cors.php configuration file. You can set which domains are allowed to access your API in the allowed_origins header. It's a very easy way to achieve this without much hassle.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to Vigges Developer Community for programmer and developer-Open, Learning and Share
...