On Wed, Mar 17, 2021 at 11:21:58PM +1100, Jore wrote:
> On 17/3/21 8:22 pm, Francis Daly wrote:
Hi there,
> > Alternatively: if you were to reverse-proxy the MediaWiki instance at
> > docs.domain.com/embed/, then you could potentially set a cookie on
> > docs.domain.com, and require that a suitab
Hi there,
Thank you for the suggestion.
Jore
On 18/3/21 1:59 am, Ian Hobson wrote:
Hi,
I have not tried it, but I believe if you set a cookie
on .domain.com to say that they are logged in (Note the leading .) ,
then you can read that cookie in all sub-domains, and check they are
logged in
Hi,
I have not tried it, but I believe if you set a cookie
on .domain.com to say that they are logged in (Note the leading .) ,
then you can read that cookie in all sub-domains, and check they are
logged in to domain.com.
You might have to use domain.com, instead of docs.domain.com for the
o
Hi there,
Thanks for getting back.
On 17/3/21 8:22 pm, Francis Daly wrote:
Alternatively: if you were to reverse-proxy the MediaWiki instance at
docs.domain.com/embed/, then you could potentially set a cookie on
docs.domain.com, and require that a suitable cookie is present for any
requests to
On Mon, Mar 15, 2021 at 04:24:27PM +1100, Jore wrote:
Hi there,
> "a HTTP request to the
> embed.domain.com site must only get a response if the request was made by a
> user clicking a link on the docs.domain.com site"... Am I correct in
> understanding that you mean it's not reliable as headers
Hi there,
Thanks for your reply, I appreciate it.
Apologies I wasn't more clear, but yes, I mean "a HTTP request to the
embed.domain.com site must only get a response if the request was made
by a user clicking a link on the docs.domain.com site"... Am I correct
in understanding that you mean
On Sat, Mar 13, 2021 at 07:56:35AM +1100, Jore wrote:
Hi there,
> I have pages served from "embed.domain.com" that I'd only like to be
> accessible when they're embedded in files served from "docs.domain.com"
> Is it possible to lock down "embed.domain.com" so it can only be accessed
> through "
Hi there,
I have pages served from "embed.domain.com" that I'd only like to be
accessible when they're embedded in files served from "docs.domain.com"
Visualisation below:
Is it possible to lock down "embed.domain.com" so it can only be
accessed through "docs.domain.com"?
Can this be done
