Question

What is the easiest way to capture the domain of a client request on a Rails API?

Example:

If I use https://www.hurl.it/ to post a GET request to:

https://staging.mysite.com/api/v1/products?access_token=7b9f3cddd3914a6f45fa692997fe6dc9

How do I capture that the request is coming from hurl.it? I've tried:

request.host
request.url
request.referer
request.headers['origin']

I need this since I check the access token and that the request is coming from the domain that the access token is registered with.

API Controller:

    module Api
      module V1
        class ApiController < ApplicationController
          respond_to :json
          before_filter :restrict_access

          private

          def restrict_access
            api_app = ApiApp.find_by_access_token(params[:access_token])
            binding.pry
            head :unauthorized unless (api_app && (api_app.request_origin.include? request.host.split('?').first))
          end
        end
      end
    end

Rails version: 4.2

Thanks for the help!

Answer 1

我最后坚持使用IP地址：

[self.webView setPolicyDelegate:nil];

Gather Client Domain from Rails API GET Request

1 个答案: