On 31 Oct 2011, at 18:25, Christopher Schultz <ch...@christopherschultz.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Richardo, > > On 10/31/2011 12:33 PM, Ricardo Bayley wrote: >> You are right. What I intend to do is prevent hot linking. > > We get what you are trying to do: you'll just have to write your own > code to do it. Tomcat ships with a Filter called RequestFilter that > you can subclass if you need that kind of flexibility. If you don't > need such flexibility, just write it yourself: it's pretty much a > one-liner. It'll still be fragile and open to exploitation. An AJAX call can set any request headers it likes. You be better off using authentication if you want anything more than a casual defence. p > >> My webapp, is working as a REST webservice. >> >> So I would like to have tomcat reply only when requests come from >> specific sites. > > You mean when the requests are referred from specific sites, right? > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk6u5+EACgkQ9CaO5/Lv0PAy+QCgxBUvXjXAcLcNR8MIOO6L4+0N > J98AoJbIlVQG9a/IfgICHPi1gqIsR2y7 > =uQ+h > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
