1

I have a slightly strange question and I'm not sure if this could be achieved at all but anyway I'm curious to try.

I have 2 sites that are independent, lets say www.site1.com and www.site2.com. site2 will be placed in a href in site1. The question is - is it possible site2 to be accessible only after the user is redirected to it from site1 and if the user tries to open site2 directly or thru an a href from another site different then site1 to not be able to access it?

Atanas Ivanov
  • 69
  • 7
  • You can set a cookie on site1 and check it on site2. It should be some cryptographically signed token you can verify so it won't be spoofed, and it should have some lifetime, or a one time use. There is also referrer header but that can be easily faked. – Rani Sharim Oct 11 '21 at 10:59
  • @RaniSharim cookies are domain specific. –  Oct 11 '21 at 11:05
  • This is done server-side using the referrer. With PHP for instance: https://stackoverflow.com/questions/5032889/checking-php-referrer –  Oct 11 '21 at 11:06
  • @RaniSharim Yes, if you make an AJAX request to site2 to create the cookie that way, then this will work of course. But telling a beginner to "set a cookie on site1" without mentioning it's actually a credentials-enabled ajax request to site 2 might be misleading at best –  Oct 11 '21 at 11:12

3 Answers3

2

Check for:

window.document.referrer
// Empty if User is directly loading page.

The value is an empty string if the user navigated to the page directly (not through a link, but, for example, by using a bookmark). Because this property returns only a string, it doesn't give you document object model (DOM) access to the referring page.

MDN Documentation: https://developer.mozilla.org/en-US/docs/Web/API/Document/referrer

Browser Support:

enter image description here

Roy M J
  • 6,926
  • 7
  • 51
  • 78
1

You can check for a post parameter that you set from the website 1 redirection (either through a form or plain javascript). And then set a local storage variable to check for when loading site 2.

Local storage doc

JavaScript post request like a form submit

But keep in mind this can be easily bypassed with enough html/js knowledge.

To ensure that only your website can make post parameter, you could maybe (not sure about me there): generate code (used as post parameter) on the go from webserver 1 and send them to webserver 2 at the same time (or a little before) to ensure the code received by the server 2 is really generated at server 1

polypode
  • 501
  • 3
  • 14
1

Depending on the backend server you are using, you can use something called REFERRER details that will be there in the http header of the request ( for your www.site2.com page for example). This REFERRER will have the information on who referred the user to this site. You can add a condition something like if REFERRER is www.site1.com then render the page .

Here is a link to start with https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer

Kishore S
  • 106
  • 2