Solved

Javascript to verify domain, then launch a different website

Posted on 2011-02-18
8
873 Views
Last Modified: 2012-05-11
Scenario - our clients can run our web pages from THEIR websites, as though our page were on their server.  

Objective - I would like to come up with some code that I can give our client to put on their website that will launch one of our pages. Once there, they can navigate around our other pages.    The code should verify that it's coming from the client's domain (so it can't be stolen)

An example, may be something like Google Maps.   I can add google maps to my website by installing the js that google provides me.  If I try to run the same script from a different server, it will create an error.  I know some menu code that you purchase can do the same thing - error if tried to run from the wrong website.

So, my question has two parts.
what js code can I give a client that will (1) ensure it is run from a particular domain
and (2) open up one of our pages as though it is on their site.

---
Is  window.location.hostname   a reliable way to verify the domain?
0
Comment
Question by:gdemaria
  • 3
  • 3
  • 2
8 Comments
 
LVL 52

Assisted Solution

by:_agx_
_agx_ earned 250 total points
ID: 34931702
Unfortunately my javascript-foo isn't nearly that strong ;-) The closest I've seen to deciphering how google maps works is this thread.

http://stackoverflow.com/questions/2256305/how-does-google-maps-secure-their-api-key-how-to-make-something-similar
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 34931839
That isn't usually done with javascript.  It is done on the server with a server language like PHP or ASP that can read the 'Server Variables'.  The requesting server IP is available because the server has to know where to send the request back to.

The code would go on your server to verify that the request is coming from an acceptable place.
0
 
LVL 39

Author Comment

by:gdemaria
ID: 34933276
agx - thanks for the link, it's hard to find info out there and that helped. Just wish it had more detail

Dave - thanks for you reply.  This is a bit different than you are thinking.  Google Maps, for example, doesn't ask for our server's IP address.  I don't want to allow only our Client to view the pages, I want the world to view the page IF it's launched by the client's website.  Locking down the server info or IP would prevent others from seeing it.   The js I would like to create authenticates the fact that our page is launched by the correct domain and then is available to the world to view.

0
Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 34933611
"window.location.hostname" is not used in the Google Maps javascript.  I think the article linked by @_agx_ explains how the HTTP_REFERER sent to the server can be checked against the 'key' in their database.
0
 
LVL 39

Accepted Solution

by:
gdemaria earned 0 total points
ID: 34933683

This seems to be a great article on the subject

http://java.sun.com/developer/technicalArticles/J2EE/usingapikeys/#urlres


The link should bring you down to a section called : URL-Based API Key Restriction
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 34933699
Yes, that's a good description of what I was trying to say.  The 'key' gets checked against the 'HTTP_REFERER' in the database on the server when the file request is made.  It is not done by javascript alone.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 34934167
I'm still reading, but that's probably the most detailed article I've seen on the subject!
0
 
LVL 39

Author Closing Comment

by:gdemaria
ID: 35106981
For the benefit of the archives I am assigning my post as the "solution" but noting both of your contributions and splitting points between you.  Thanks for your help!
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Part 1 (http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/A_7849-Hex-Maze.html) we covered the hexagonal maze basics -- how the cells are represented in a JavaScript array and how the maze is displayed.  In this part, we'…
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now