Reputation: 15
I have a website where I'd like to disallow loading resources from all domains except my own. I know of a convoluted way to achieve this with fetch. But I would also like to block the loading of, for example, an image tag or script file, if it is hosted on a different domain. Is it possible to achieve this using JavaScript? Other methods?
Upvotes: 0
Views: 628
Reputation: 943980
This is what a Content Security Policy (CSP) is for.
You can add an HTTP response header which limits where resources can be loaded from.
For example, if the HTML document is loaded with:
Content-Security-Policy: default-src 'self'
…then it can only load resources (including images, scripts, Ajax data, iframe contents, etc.) from the same origin.
The documentation I linked to above describes how to apply more nuanced restrictions.
Upvotes: 2
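An added example, not part of the answer above: a small Node.js server that sends the answer's `Content-Security-Policy: default-src 'self'` header on every response and serves a page mixing same-origin and cross-origin resources. The helper names, the `--serve` switch, port 8080 and the host `other.example` are assumptions made for the demo.

```javascript
// Added example: send the answer's policy on every response from a Node server.
// Turns { 'default-src': ["'self'"] } into the header value "default-src 'self'".
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => [name, ...sources].join(' '))
    .join('; ');
}

const POLICY = buildCsp({ 'default-src': ["'self'"] });

// Constructed demo page: other.example is a placeholder third-party host.
const PAGE = `<!doctype html>
<title>CSP demo</title>
<img src="/dot.svg" alt="same origin: loads">
<img src="https://other.example/pixel.png" alt="cross origin: blocked">
<script src="https://other.example/lib.js"></script>`;

const DOT = '<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16">' +
  '<circle cx="8" cy="8" r="8"/></svg>';

function handler(req, res) {
  // Set the header before routing so no response leaves without the policy.
  res.setHeader('Content-Security-Policy', POLICY);
  if (req.url === '/') {
    res.setHeader('Content-Type', 'text/html; charset=utf-8');
    res.end(PAGE);
  } else if (req.url === '/dot.svg') {
    res.setHeader('Content-Type', 'image/svg+xml');
    res.end(DOT);
  } else {
    res.statusCode = 404;
    res.end('not found');
  }
}

// Dynamic import keeps the block loadable as either CommonJS or an ES module.
function serve(port) {
  return import('node:http').then(({ createServer }) =>
    createServer(handler).listen(port, '127.0.0.1'));
}

// Only listen when explicitly asked to (hypothetical --serve switch).
if (process.argv.includes('--serve')) serve(8080);
```

Started with `--serve` and opened at http://127.0.0.1:8080/, the page shows the same-origin image while the browser console reports the cross-origin image and script as blocked. The same policy also blocks inline `<script>` and `<style>` blocks, because `'self'` does not cover inline code.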