I have a servlet that responds to my GET request '/getdata':
    get '/getdata' do
      if request.referrer.to_s == '/my_website_uri'
        erb :content
      else
        reponse = [ 404, {'Content-Type' => 'text/html'}, '<h1>404 - Not Found</h1>' ]
      end
    end
I want to make sure that if the request comes from my page, it returns the data; otherwise it returns a 404.
I have the code above. It checks whether the request referrer includes my URI, but I think anyone can mock a request like that… Is there a better way?
Yes, referer is trivial to spoof. No, there isn't a way that's both easy and secure.
You'd control access to that URL the same way you'd control access to any other: with your pick of authorization and authentication protocols – as straightforward as HTTP basic (over SSL!), or as modern as OAuth.
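To make the answer's contrast concrete, here is an added example (not part of the original question or answer) that puts the Referer check next to an HTTP Basic check over TLS. It uses plain Ruby methods that take a Rack-style environment hash instead of Sinatra so it runs without gems; the method names, the demo credentials and the sample environments are all constructed for illustration.

```ruby
require 'digest'

# Constructed demo credentials (assumption); load real ones from configuration.
DEMO_USER = 'reader'
DEMO_PASS = 'constructed-demo-secret'

# Compare fixed-length digests so timing does not depend on where inputs differ.
def secure_equal?(a, b)
  x = Digest::SHA256.digest(a).bytes
  y = Digest::SHA256.digest(b).bytes
  x.zip(y).reduce(0) { |acc, (i, j)| acc | (i ^ j) }.zero?
end

# The question's approach: trust the client-supplied Referer header.
def referer_gate(env)
  if env['HTTP_REFERER'].to_s == '/my_website_uri'
    [200, { 'Content-Type' => 'text/html' }, ['data']]
  else
    [404, { 'Content-Type' => 'text/html' }, ['<h1>404 - Not Found</h1>']]
  end
end

# The answer's approach: HTTP Basic credentials, accepted only over TLS.
def basic_auth_gate(env)
  unless env['rack.url_scheme'] == 'https'
    return [403, { 'Content-Type' => 'text/plain' }, ['HTTPS required']]
  end

  scheme, token = env['HTTP_AUTHORIZATION'].to_s.split(' ', 2)
  user, pass = token.to_s.unpack1('m').split(':', 2) if scheme.to_s.casecmp?('Basic')
  # The array literal evaluates both comparisons before combining them.
  ok = [secure_equal?(user.to_s, DEMO_USER), secure_equal?(pass.to_s, DEMO_PASS)].all?
  return [200, { 'Content-Type' => 'text/html' }, ['data']] if ok

  [401, { 'Content-Type' => 'text/plain',
          'WWW-Authenticate' => 'Basic realm="getdata"' }, ['Unauthorized']]
end

# Constructed Rack-style environment, as a server would hand it to the app.
def demo_env(extra = {})
  { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/getdata',
    'rack.url_scheme' => 'https' }.merge(extra)
end

# Builds the Authorization header value a client would send.
def basic_header(user, pass)
  'Basic ' + ["#{user}:#{pass}"].pack('m0')
end
```

A request whose Referer is set by the client to the expected value passes `referer_gate`, while `basic_auth_gate` answers 401 until valid credentials arrive over HTTPS.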