Reputation: 3639
I'm creating an express project and I have some routes to provide data to frontend controllers via ajax, for instance they begin with /get_data.
So my question is how to protect these routes? Anyone can access them easily. I tried to do
    // req.xhr is true only when the X-Requested-With header is "XMLHttpRequest"
    app.use((req, res, next) => {
      if (!req.xhr) res.sendStatus(404);
      else next();
    });
But this doesn't prevent ajax calls from other sites to access the data. So how to make it more secure? If it's not possible, in what way can I provide data to frontend?
Upvotes: 0
Views: 1508
Reputation: 275
One option is using CORS (there is an express middleware). So you can configure your route to accept requests from the specific origin only. But the origin can be faked.
If you have some sensitive data there, you may consider adding Authentication (and maybe Authorization) to your application. There are a lot of ways of implementing that, for example the popular Passport.js library.
Also, there are some details in the answers to "How to implement a secure REST API with node.js".
Upvotes: 2
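An added example, not part of the original question or answer: Express-style middleware combining the two suggestions above (an origin allow-list for CORS and a session check), run against mock request objects so it needs no dependencies. The allowed origin, the `sid` cookie name, the in-memory session store and the `simulate` helper are assumptions made for illustration.

```javascript
// Added example. ALLOWED_ORIGIN, the "sid" cookie and the session store are assumptions.
const ALLOWED_ORIGIN = 'https://app.example.com';
const sessions = new Map([['constructed-session-id', { user: 'alice' }]]);

// Read one cookie value from the raw Cookie header.
function readCookie(req, name) {
  const header = req.headers.cookie || '';
  for (const part of header.split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// CORS: tells browsers which frontend may read responses; it does not authenticate.
function restrictCors(req, res, next) {
  if (req.headers.origin === ALLOWED_ORIGIN) {
    res.setHeader('Access-Control-Allow-Origin', ALLOWED_ORIGIN);
    res.setHeader('Access-Control-Allow-Credentials', 'true');
    res.setHeader('Vary', 'Origin');
  }
  next();
}

// Authentication: the route is served only to a caller holding a valid session.
function requireSession(req, res, next) {
  const session = sessions.get(readCookie(req, 'sid'));
  if (!session) return res.sendStatus(401);
  req.user = session.user;
  next();
}

// Run a middleware chain against a mock request and report the outcome.
function simulate(headers, chain) {
  const req = { headers };
  const out = { status: null, headers: {}, reachedRoute: false };
  const res = {
    setHeader: (k, v) => { out.headers[k] = v; },
    sendStatus: (code) => { out.status = code; },
  };
  let i = 0;
  const next = () => {
    if (i < chain.length) chain[i++](req, res, next);
    else { out.reachedRoute = true; out.status = 200; }
  };
  next();
  return out;
}
```

In an Express app the same two functions would be mounted with `app.use('/get_data', restrictCors, requireSession)`. A request that only sets `X-Requested-With: XMLHttpRequest` passes the `req.xhr` check from the question but is rejected here with 401.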