All threads / Restricting Javascript Widgets to Registered Sites Discussion

Ask A Question

Notifications

You’re not receiving notifications from this thread.

Restricting Javascript Widgets to Registered Sites Discussion

In this example you first render the javascript and make another call to API via fetch and check the domain in API controller. Is there a specific reason for that?

Isn't it better to check the domain at embeds-controller and if domain is not registered, we will not have to render any javascript on client side.

We can get the domain by checking headers with something like URI.parse( request.env["HTTP_REFERER"])

Reply
Join the discussion

Want to stay up-to-date with Ruby on Rails?

Join 33,399+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.

    logo Created with Sketch.

    Ruby on Rails tutorials, guides, and screencasts for web developers learning Ruby, Rails, Javascript, Turbolinks, Stimulus.js, Vue.js, and more. Icons by Icons8

    © 2020 GoRails, LLC. All rights reserved.