JSON fetch file

@kiwisApr 19.2021

I’ve got a bunch of nice data what’s being generated into a JSON file the my page is using.

If I go directly too much page I can see all this raw data. It’s being called via a simple JS fetch request.

Without going into very complex solutions – is there a way to make it so a 3rd party couldn’t request this file and use my data?

to post a comment

PHP

@NogDogApr 20.2021 — #["JSON retch file","JSON fetch file"]

@NogDogApr 20.2021 — #Nothing comes to mind unless you incorporate some sort of user authentication (login).

@kiwisauthorApr 20.2021 — #@NogDog#1630592

But that would mean "visitors" can't see my site?

Is there a way of detecting who's calling the page? i.e my site vs another? or some type of .htacess file that prevents 3rd party servers calling my pages?

@kiwisauthorApr 20.2021 — #Is it possible to rename my files filename.protected then have the sever run it as a .php extension? I could then add hotlink protection to that filename?

if so how can i allow that extension as a php file

@NogDogApr 20.2021 — #In PHP you can look at $_SERVER['HTTP_REFERER'] to see the source of the request, but it is not 100% dependable. (It can be easily spoofed by a hacker/scraper, and might possibly be sent by all legitimate requests (perhaps a privacy setting in someone's browser?)). If I decided I wanted to do that, I'd probably stick the actual JSON file somewhere outside of the web root directory tree, then have the target be a PHP file that checked that referrer variable, and if OK set relevant HTTP headers (via header()) for the file type, then just do a readfile('/path/to/file.json'); if things are good; otherwise using header() to send a 404 Not Found (or whatever makes more sense).

JSON fetch file

5 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

JSON fetch file

5 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

5 Comments(s) _↴

Also in #PHP _↴