Okay, the title of this topic is really stupid – but I am not able to sum it up in a better way than that. So here is more detailed version of my problem:
I am creating a small JavaScript library that enables developers to send strings on custom events to a dedicated server (url defined in the library). Lets say the library is called \”testLib\”, the developer that uses this library could write something like this:
function success() {
testLib.send(\"Everything OK\");
}
So everytime this success function is called, a REST call (POST-request) is made to the server that is definded inside the library. So far, thats no problem.
But the ugly thing is that everyone with firebug or similar could call these \”testLib.send()\” method too. Thats really ugly, because the hole sense behind this library is to track only the events that the developer has defined. Of course, the server will take care of the basic validation (origin check, API key,..), but still: One could start firebug and just call the \”testLib.send\” method.
Is there any chance to build an authorization mechanism that prevent the \”firebug user\” from sending rest calls via the predefined library methods?
Rating:
The post rest – Writing a JavaScript Library: how to authorize methods? appeared first on Javascript ASK.
via Javascript ASK http://javascriptask.phpfogapp.com/rest-writing-a-javascript-library-how-to-authorize-methods.html
No comments:
Post a Comment