Control Javascript page content according to who is ordering

Asked

Viewed 76 times

0

It is possible to control the content of a script page according to the website that is ordering this page?

For example if the site X make the request I show X to run if the site Y access I show other content dynamically. This is possible without I need to change the link for each client?

If possible as I do an array of sites to display X and if it’s the other Y contents?

  • I believe it is not possible, you will have to have different links, at least one parameter: seusite.com/?from=outrosite.com

  • Can you explain better what you are looking for? It is unclear. Give a concrete example pf.

  • I have a Javascript page with several codes inside it. This page can be installed by several forums but some of these forums are found in a "Blacklist" either by the behavior of the user or any other reason but he would be unable to use the service. Only if I do this "Blacklist" via Javascript the guy can simply download the script and configure it in a way that he can use. The goal is this if the guy uses I change the content so he can not cheat...

  • Unfortunately it will not be possible, you cannot prevent a user from accessing a public page.

  • Tip: when talking to someone in the comments, use @nome_do_usuário for him to receive a notification.

  • @Andrey Thanks for the tip.. I hadn’t even noticed that down there said that. Well, thanks for the clarification, I think I’ll use the parameters system by the URL in case no one knows a better way to do it..

Show 1 more comment

1 answer

1


A question much like your was done at Stackoverflow in English. A response, I will translate (because we are in the OS in Portuguese) freely the following is particularly complete, in my opinion, and brings the most useful considerations to your problem.

Whereas the client (user browser) can send any thing that he wants, I would say that there is no way to be sure of which your site script is called:

  • Once you want to know the website URL that embeds your widget, and not the user’s address, $_SERVER['REMOTE_HOST'] won’t help
  • $_SERVER['HTTP_REFERER'] may seem OK, but it’s actually not:
    • The customer does not have to send [the HTTP_REFERER] and does not always
    • As it is sent by the customer, it can be forged/forged with ease

So I’d say there’s no real solution to this problem, by except on the server side (if I’m wrong, I’m interested in know!)

But maybe you can do something on the client side: while was writing all this, I thought of Google Maps and its API system Key:

  • you have an API (single) key for your domain
  • when you load the Google JS scripts, you send this key
  • if the key is not registered to the domain from which you are trying to display the map, there is a message alert, saying that "the Google Maps API server rejected your request. This may be due to the API key used on this site being registered to a website different."
    • but the map seems to be displayed anyway -- at least on my test server
  • this alert is really boring for the end user, and I don’t think anyone would like a message to be displayed on their website because they are using the service without authorization...

Maybe you can take a look at how this is done on Google Maps :-)

Browser other questions tagged

You are not signed in. Login or sign up in order to post.