Hi there,
Thank you for the suggestion.
Jore
On 18/3/21 1:59 am, Ian Hobson wrote:
Hi,
I have not tried it, but I believe if you set a cookie
on .domain.com to say that they are logged in (Note the leading .) ,
then you can read that cookie in all sub-domains, and check they are
logged in to domain.com.
You might have to use domain.com, instead of docs.domain.com for the
outer level.
RFC6265 is the standard that modern browsers follow
https://tools.ietf.org/html/rfc6265
The clause you might need in your server {} are of nginx is
if ($cookie_fileURI != "mymagicvalue") { return 403; }
Where "mymagicvalue" was put in the cookie upon successful login.
Regards
Ian
On 12/03/2021 20:56, Jore wrote:
Hi there,
I have pages served from "embed.domain.com" that I'd only like to be
accessible when they're embedded in files served from "docs.domain.com"
Visualisation below:
Is it possible to lock down "embed.domain.com" so it can only be
accessed through "docs.domain.com"?
Can this be done with nginx conf or another method?
Thank you!
Jore
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
