Blocking API requests from unknown "Origins"

rasgo

5/4/23, 11:00 AM

I have an API that I'd like to block from unknown origins in production. CORS would work when the API is accessed by a website/browser, but how can I prevent it from being accessed from another servers or curl or some script running on localhost?

Thank you!

0 + 0

cors

Bob

5/4/23, 11:24 AM

In general: you use a firewall (equivalent) when you want to restrict access to networked services to only known hosts. - To prevent access to networked services from localhost you simply configure the service to bind/listen to a specific interface/ip-address(es) and not any/all interfaces. Then it can't respond to queries made to localhost

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Blocking API requests from unknown "Origins"

TH: การบล็อกคำขอ API จาก "Origins" ที่ไม่รู้จัก

RO: Blocarea solicitărilor API de la „Origini” necunoscute

RU: Блокировка запросов API от неизвестных «происхождений»

VI: Chặn các yêu cầu API từ "Nguồn gốc" không xác định

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.