Hi, I’m new to Ionic and was wondering if there was a way for a backend to know if a request was coming from an Ionic app? I know the origins vary depending upon Android vs. iOS etc., but something coming from http://localhost doesn’t exactly tell me what I need to know.
Or, is the best course of action to create some kind of custom header that my backend looks for? If so, how would I go about creating one?
Thank you
Adding a custom header is probably your best bet. How are you making requests (what library/function are you using)?
I want to embed some sensitive data via an iFrame. I have control of the backend, and what I want to do is only allow the sensitive webpage to be embeddable if I recognize the client (a specific Ionic app), instead of allowing access across the board. So really it’s just an iFrame via React. Is this possible? Right now I can kind of do “everyone has access”, “nobody has access” or “default Ionic hosts e.g. ionic://locahost has access.”
Ideally, I’d be able to say something like “anybody with a specific appId in some request header can embed this webpage”
Do you have user authentication in the app? If so, one option would be to hit an API endpoint which returns a signed URL for the iframe or just a key you pass as a query parameter to the iframe URL that authenticates allowing the user to load the iframe in the app.
If you don’t have user authentication, then I can’t think of a way to restrict it that would not be able to be circumvented. If you just pass a request header that is the same for everyone using the app, someone can easily sniff the request and get the header.