Welcome to 16892 Developer Community-Open, Learning,Share
menu search
person

Categories

I'm using Laravel as API with Passport and Password Grant Token.

When no user is logged in, frontends still needs to access API routes to get misc data or to register a user. How should I protect these routes, used by a given frontend (set in api.php), to be only accessible by a frontend ?


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
250 views
Welcome To Ask or Share your Answers For Others

1 Answer

You can restrict access to your API in the cors.php configuration file. You can set which domains are allowed to access your API in the allowed_origins header. It's a very easy way to achieve this without much hassle.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to 16892 Developer Community-Open, Learning and Share
...