Posted on 2011-02-18
Scenario - our clients can run our web pages from THEIR websites, as though our page were on their server.
Objective - I would like to come up with some code that I can give our client to put on their website that will launch one of our pages. Once there, they can navigate around our other pages. The code should verify that it's coming from the client's domain (so it can't be stolen)
An example, may be something like Google Maps. I can add google maps to my website by installing the js that google provides me. If I try to run the same script from a different server, it will create an error. I know some menu code that you purchase can do the same thing - error if tried to run from the wrong website.
So, my question has two parts.
what js code can I give a client that will (1) ensure it is run from a particular domain
and (2) open up one of our pages as though it is on their site.
Is window.location.hostname a reliable way to verify the domain?