My question is very, very similar to this one.

The idea is the following.

I have an app written in Node (specifically Sails.js); it is a simple form for invoices.

And another one in Laravel.

So what I want is that the user can only access that form (Sails app) if one Controller of the Laravel app redirects to it.

On the link above it says that I could use sessions, but as you can see these are very different applications. So I'm looking for the simplest and best way to do it.

Any advice is well received, or if you have a better approach to solve this, please let me know. Thanks.

Iván E. Sánchez
  • How secure does this redirect need to be? Could you simply add a parameter to the redirect URL, i.e. &fromlavarel=true, and in the Sails controller reject the call if the fromlavarel param does not exist? – Glen Aug 20 '17 at 10:46
  • Nope, I'm trying to make it safer – Iván E. Sánchez Aug 20 '17 at 18:12

1 Answer

Probably the simplest way is to use the referer header in your Sails controller and do a simple comparison check.

For example:

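getinvoice: function (req, res, next) {
  // Referer header sent by the browser with the request
  var referer = req.headers.referer;
  // Reject any request that does not come from the allowed page
  if (referer !== 'http://somedomain.com/pageallowedtocallgetinvoice') {
    return res.forbidden();
  } else {
    // ...
  }
}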
Glen
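An added example, not part of the answer above or of either project: the Referer header and a plain query parameter are both chosen by the client, so a stricter option is a short-lived HMAC-signed token that the Laravel controller appends to the redirect URL and the Sails action verifies. The token format, the function names, the 60-second lifetime and the shared secret are all assumptions made for this sketch.

```javascript
// Added example: token format, names and secret handling are assumptions.
const crypto = require('crypto');

// Constructed sample secret; both apps would load the same value from their config.
const SHARED_SECRET = 'constructed-sample-secret-change-me';
const MAX_AGE_SECONDS = 60;

function sign(payload, secret) {
  return crypto.createHmac('sha256', secret).update(payload).digest('hex');
}

// What the Laravel controller would compute before redirecting
// (PHP equivalent of sign(): hash_hmac('sha256', $payload, $secret)).
// invoiceId is assumed to contain no '.' characters.
function issueToken(invoiceId, nowSeconds, secret = SHARED_SECRET) {
  const payload = `${invoiceId}.${nowSeconds + MAX_AGE_SECONDS}`;
  return `${payload}.${sign(payload, secret)}`;
}

// What the Sails action would call before rendering the form, e.g.
//   if (!verifyToken(req.query.token, req.query.invoice, Math.floor(Date.now() / 1000)))
//     return res.forbidden();
function verifyToken(token, invoiceId, nowSeconds, secret = SHARED_SECRET) {
  if (typeof token !== 'string') return false;
  const parts = token.split('.');
  if (parts.length !== 3) return false;
  const [id, expires, mac] = parts;
  // The token is bound to one invoice and cannot be reused for another.
  if (id !== String(invoiceId)) return false;
  // Reject malformed or expired timestamps.
  if (!/^\d+$/.test(expires) || Number(expires) < nowSeconds) return false;
  const expected = Buffer.from(sign(`${id}.${expires}`, secret), 'hex');
  const given = Buffer.from(mac, 'hex');
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

A token issued this way can be replayed until it expires; making it single-use would require the Sails side to remember which tokens it has already accepted.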