On Wed, Nov 5, 2008 at 4:24 PM, craic <[EMAIL PROTECTED]> wrote: > > with django, is it possible to restrict the calling host of particular > urls to be the localhost? > > namely, is there a way to restrict say a set of web services > implemented in django to be only accepted if they are the same domain > as the hosted page? > > so if i have a php page on foo.com/bar.php, which contains javascript > with some ajax calls to a web service: http://foo.com/ws/blah, that > would be allowed. > > but if someone on another host/location atttemps to call: > http://foo.com/ws/blah > they will get permission denied. > > tnks, > g'craic > > >
In your view, you could check the value of request.META['REMOTE_ADDR'] and return a 404 if it's not coming from an allowed location. You could write a decorator or middleware to make it easy to apply this to several views. Colin --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
