yPhil
Reputation: 8357
Restrict access to nodejs express routes
I have "internal" routes in my app :
app.get('/myroute', function(req, res) {
res.status(200).send('Hello!');
});
But the route is also accessible from outside:
curl http://example.com/myroute/?this=that
How to restrict the use of this route to the app / domain itself, ideally with a nice error?
Upvotes: 1
Views: 955
Answers (1)
Alex Taylor
Reputation: 7168
As I see it, you have a few options:
- Consider whether this route needs to be a web route at all, and not a function. If it's internal, surely a function would suffice?
- Create a 'shared secret' for this function that must appear in either the header or as a request param. Then only callers that know this secret can call it.
Upvotes: 2
Related Questions
- Restrict api access in Node JS express
- How can I prevent a user from accessing a route via URL parameters?
- In REST API, How to restrict URL access from browser using Nodejs & Expressjs
- Node JS Express Route Restrict issue
- How to stop user from accessing nodejs express routes
- NodeJS express: limiting access to route
- Node/Express - IP Restrict Access to Routes But Not Static Files
- Deny access to specific directory in nodejs express
- Restrict access to Node.js using Express
- Node.js Express - prevent access to certain URLs