If SuperTokens Core is being hosted locally, is there a way to enforce that calls to it can only com...

ITEnthusiasm

09/20/2022, 3:39 PM

If SuperTokens Core is being hosted locally, is there a way to enforce that calls to it can only come from

localhost

? (That is, only the local web app can make calls to it and no one else.) I know we have the API keys. But theoretically, enforcing that only

localhost

is allowed would add additional safety, right? 🤔

rp_st

09/20/2022, 3:39 PM

Hey!

rp_st

09/20/2022, 3:40 PM

You can do it if you put an nginx reverse proxy in front of the supertokens core

rp_st

09/20/2022, 3:40 PM

And then enforce that rule via nginx

rp_st

09/20/2022, 3:40 PM

But we can also add this as a feature on the core. Please do open an issue about it and we can make it happen 🙂

ITEnthusiasm

09/20/2022, 4:59 PM

Okay awesome! I'll open an issue some time soon then. Ideally my app won't be using

nginx

. 😅 Thank you!

rp_st

09/20/2022, 5:20 PM

Cool!

ITEnthusiasm

09/20/2022, 5:49 PM

https://github.com/supertokens/supertokens-core/issues/511

rp_st

09/20/2022, 5:50 PM

Thank you.

rp_st

09/22/2022, 1:15 PM

hey @ITEnthusiasm this has been implemented!

ITEnthusiasm

09/22/2022, 2:12 PM

Awesome! Thanks a ton! 😄

rp_st

09/22/2022, 2:18 PM

lmk if you run into issues with it

3 Views

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).