Gather Client Domain from Rails API GET Request

时间:2015-06-15 14:22:41

标签: ruby-on-rails api get header request

What is the easiest way to capture the domain of a client request on a Rails API?

Example:

If I use https://www.hurl.it/ to post a GET request to:

https://staging.mysite.com/api/v1/products?access_token=7b9f3cddd3914a6f45fa692997fe6dc9

How do I capture that the request is coming from hurl.it? I've tried:

  • request.host
  • request.url
  • request.referer
  • request.headers['origin']

I need this since I check the access token and that the request is coming from the domain that the access token is registered with.

API Controller: 

    module Api
      module V1
        class ApiController < ApplicationController
          respond_to :json
          before_filter :restrict_access

          private

          def restrict_access
            api_app = ApiApp.find_by_access_token(params[:access_token])
            binding.pry
            head :unauthorized unless (api_app && (api_app.request_origin.include? request.host.split('?').first))
          end
        end
      end
    end

Rails version: 4.2

Thanks for the help!

1 个答案:

答案 0 :(得分:0)

我最后坚持使用IP地址:

[self.webView setPolicyDelegate:nil];
相关问题
最新问题