1

I want the javascript loaded only on the domain that I specify, while if it is loaded by another domain, the page will be directed to the domain that I specify.

for example, I have a page in domain mydomain.com with some javascript there, then someone copy that javascript from my page and load it in hisdomain.com. Because I have set the script to function only in the domain mydomain.com, so the script will not work in hisdomain.com. Besides, it would be better if hisdomain.com redirected to mydomain.com.

I want to use this method to avoid theft and cloning scripts by people who are not responsible.

Thank you!

bl4ckbox
  • 149
  • 1
  • 11
  • 3
    You can't. If they're linking directly to the .js file you could only allow certain domains to access it, but if they're copying the contents of the file there's nothing you can really do to stop them - you might be able to block the stupidest of people who can't take out whatever very simple mechanisms you put in (like checking the domain in `window.location.href`) but it all seems like a huge waste of effort. – Anthony Grist Aug 11 '14 at 15:44
  • 1
    Avoiding theft is not really all that practical - anything substantial you should minimize, but beyond that most people are not worried – tofarr Aug 11 '14 at 15:44
  • 2
    What's to stop someone downloading the JavaScript, editing the "protection" out, and re-using it? Spend your time building interesting things, not trying (in vain) to protect your script. – Paul Roub Aug 11 '14 at 15:45
  • Thank you all for your advice! – bl4ckbox Aug 11 '14 at 16:00

2 Answers2

4

I want the javascript loaded only on the domain that I specify, while if it is loaded by another domain, the page will be directed to the domain that I specify.

This should do it:

if (location.host != "your.domain") location.href = "http://your.domain";

I want to use this method to avoid theft and cloning scripts by people who are not responsible.

That line will only help against the case that the other domain includes your.domain/script.js (and steals your bandwidth). When the script is actually copied (and not served from your server), it would be trivial to remove such a line. It's impossible to protect. Rather have a look at How can I obfuscate (protect) JavaScript?

Community
  • 1
  • 1
Bergi
  • 630,263
  • 148
  • 957
  • 1,375
  • how about javascript obfuscator? – bl4ckbox Aug 11 '14 at 15:47
  • That's a different question, and still won't hinder them to *use* the script. Have a look at the link I edited into my answer, though. – Bergi Aug 11 '14 at 15:48
  • I mean like this, I will protect my script to only work in my domain by adding code from you. After it, I obfuscate the script, so the `if (location.host != "your.domain") location.href = "http://your.domain";` line will not visible without deobfuscate it. – bl4ckbox Aug 11 '14 at 15:51
  • It might not be visible or immediately clear, but as soon as you notice the script doing a redirection it will be possible to track down that statement and remove it (or just change the string literal to `his.domain`). You'd need a very good obfusciator. – Bergi Aug 11 '14 at 16:04
  • Thank you, this script useful for me. Any advice for a very good obfuscator, please? – bl4ckbox Aug 11 '14 at 16:08
  • No, I haven't used any yet. I believe in open source… – Bergi Aug 11 '14 at 16:09
0

this will help

if (location.host == "yourwebsite.com") {

// put your script function here
}
else {
location.href = "http://yourwebsite.com"; 
}
Mido23dz
  • 1
  • 3