[ic] Allowing a particular domain access to content

Peter peter at pajamian.dhs.org
Mon May 24 01:36:05 UTC 2010

On 24/05/10 13:13, Paul Jordan wrote:
> Is there a way to allow only a particular external domain to access
> content from an Interchange website when one does not have control of
> the external domain?
> Site1 grabs stuff from Site2, and Site2 doesn't want to show this
> content to anyone other than Site1. I have complete control over Site2,
> and limited (practically zero) control of Site1.
> I've been controlling access using environment variables, but I'm pretty
> sure all environment variables can be faked.

Environment variables can't be faked, but http headers (which control
some of the variables, such as referrer) can be.  I think what you're
referring to here is having a third person actually presented the
content in a browser and checking the referrer, in which case you have
the distinction of presenting the content to anyone as long as they are
also on the other site.  In that case the only way that I know of is to
check the referrer which can (as you point out) be spoofed.

If, on the other hand, the other site is fetching the content from you
directly and displaying it to the browser (by actually pulling the
content through their own server) then you can check the IP address to
verify that the connection is coming from that server.


More information about the interchange-users mailing list